Honeywell Safety Manager Missing Authentication For Critical Function (CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317)

critical Tenable OT Security Plugin ID 500656


The remote OT asset may be affected by a vulnerability.


The device may be vulnerable to flaws related to OT:ICEFALL. These vulnerabilities identify the insecure-by-design nature of OT devices and may not have a clear remediation path. As such, Nessus is unable to test specifically for these vulnerabilities but has identified the device to be one that was listed in the OT:ICEFALL report. Ensure your OT deployments follow best practices including accurate inventory, separation of environments, and monitoring. This plugin will trigger on any device seen by Tenable.OT that matches a family or model listed in the OT:ICEFALL report.

Note: All findings need to be manually verified based on the advisory from the vendor, once released.

This plugin only works with Tenable.ot. Please visit for more information.


The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at

Honeywell recommends the following:

- For CVE-2022-30315 and CVE-2022-30313:
  - Safety Manager and FSC use a key switch control to prevent users from downloading unauthorized safety logic. When the key switch is in the locked state, users cannot download any logic whatsoever.
  - Safety Builder should reside on a station with restrictive access controls. Network controls should be in place to limit the nodes permitted to communicate the builder protocol to the Safety Manager.
  - Users are advised to follow the Safety Manager release documentation.
- For CVE-2022-30314:
  - Safety Manager R160.1 and later releases include a remediation for this item. R160.1 was introduced in October 2014. Users are advised to operate on the latest release and point release.
  - Customers should isolate process control networks following our security best practices.
  - Users are advised to follow the Safety Manager Release documentation; see the section “Security Recommendations and Best Practices”.
- For CVE-2022-30316:
  - The Safety Manager key switch prevents unauthorized firmware from being installed. Users are advised to monitor the key switch position.
  - Users are advised to follow the Safety Manager Release documentation; see the section “Security Recommendations and Best Practices”.

Plugin Details

Severity: Critical

ID: 500656

Version: 1.7

Type: remote

Family: Tenable.ot

Published: 6/22/2022

Updated: 3/4/2024

Supported Sensors: Tenable OT Security

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-30315


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:honeywell:experion

Required KB Items: Tenable.ot/Honeywell

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/22/2022

Reference Information

CVE: CVE-2022-30313, CVE-2022-30314, CVE-2022-30315, CVE-2022-30316, CVE-2022-30317