Detections
Analytics

Honeywell Saia Burgess PG5 PCD Authentication Bypass Using an Alternate Path or Channel (CVE-2022-30319, CVE-2022-30320)

info Tenable OT Security Plugin ID 500655

Synopsis

The remote OT asset may be affected by a vulnerability.

Description

The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that was listed in the OT:ICEFALL report. Ensure your OT deployments follow best practices including accurate inventory, separation of environments, and monitoring. This plugin will trigger on any device seen by Tenable.OT that matches a family or model listed in the OT:ICEFALL report.

Note: All findings need to be manually verified based on the advisory from the vendor, once released.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Honeywell recommends users with affected products and unsupported products take the following steps to protect themselves:

- Apply product updates as available.
- Follow guidance in the product security manual to ensure isolation of network segments upon which automation controllers reside.
- Ensure adequate security controls are in place between OT and IT network segments.
- Disable unnecessary accounts and services.
- Follow a least privilege approach and restrict system access to authorized personnel.
- Apply defense-in-depth strategies.
- Log and monitor network traffic for suspicious activity.

See Also

http://www.nessus.org/u?4901fbd6

https://www.forescout.com/research-labs/ot-icefall/

https://www.cisa.gov/news-events/ics-advisories/icsa-22-207-03

Plugin Details

Severity: Info

ID: 500655

Version: 1.3

Type: remote

Family: Tenable.ot

Published: 6/22/2022

Updated: 7/24/2023

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

Vulnerability Information

CPE: cpe:/h:saia_burgess_controls:pcd_controllers

Required KB Items: Tenable.ot/Saia

Vulnerability Publication Date: 6/22/2022

Reference Information

CVE: CVE-2022-30319, CVE-2022-30320