CVE-2022-2333

Summary

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.

Affected Software

VendorProductVersion RangeStatus
HoneywellSoftMaster4.51affected

Weaknesses

  • CWE-427: CWE-427: Uncontrolled Search Path Element

Workarounds

Honeywell recommends users with potentially affected products take the following steps to protect themselves: Update firmware of vulnerable and affected devices. Isolate systems from the internet or create additional layers of defense to their system from the internet by placing the affected hardware behind a firewall or into a demilitarized zone (DMZ). If remote connections to the network are required, then users should consider using a VPN or other means to ensure secure remote connections into the network where the device is located.

More information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References