Honeywell Safety Manager

MonitorCVSS 7.5ICS-CERT ICSA-22-207-02Jul 26, 2022

Honeywell

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

CVE-2022-30315, CVE-2022-30313, and CVE-2022-30314 are authentication and access control weaknesses in Honeywell Safety Manager and Fail-Safe Controller (FSC). The vulnerabilities allow unauthorized downloading of safety logic and firmware manipulation. CVE-2022-30314 affects all versions prior to R160.1 (October 2014). CVE-2022-30315 and CVE-2022-30313 relate to insufficient enforcement of the key switch control mechanism that should prevent unauthorized logic downloads when locked. Successful exploitation could allow configuration and firmware manipulation or remote code execution on the safety controller.

What this means

What could happen

An attacker could upload malicious firmware or logic to a Safety Manager device, altering safety-critical control logic or shutting down safety systems. This could disable interlocks and safety functions that protect plant operators and equipment.

Who's at risk

Plant safety engineers and OT managers responsible for Honeywell Safety Manager installations used to control safety interlocks, emergency stops, and protective logic in industrial facilities. This affects all versions of Safety Manager and is critical for any facility relying on this system for operator protection.

How it could be exploited

An attacker with network access to the Safety Manager engineering interface can exploit weak authentication or bypass the key switch control mechanism to download unauthorized safety logic or firmware. No authentication may be required if default or weak credentials are in place, or if the key switch is improperly configured.

Prerequisites

Network access to the Safety Manager engineering interface (typically port 502 or proprietary Honeywell ports)
Key switch control may be absent or improperly set to unlocked state
CVE-2022-30314 only affects devices running firmware earlier than R160.1 (released October 2014)

Remotely exploitableNo authentication required (if key switch not locked)Affects safety systemsLow complexity attackNo patch available for all versionsLegacy devices (some versions over 8 years old)

Exploitability

Some exploitation risk — EPSS score 1.4%

Affected products (2)

2 pending

ProductAffected VersionsFix Status

Safety Manager: vers:all/*All versionsNo fix yet

Safety Manager: <R160.1<R160.1No fix yet

Remediation & Mitigation

0/5

Do now

0/3

WORKAROUNDKeep the Safety Manager key switch in the locked position to prevent unauthorized logic downloads

HARDENINGRestrict network access to the Safety Manager engineering interface using firewalls or air-gapping

HARDENINGReview and validate the current Safety Manager configuration and verify key switch state

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Safety Manager to R160.1 or later firmware (released October 2014)

Long-term hardening

0/1

HARDENINGImplement network segmentation to isolate Safety Manager from untrusted networks

CVEs (4)

CVE-2022-30315 CVE-2022-30313 CVE-2022-30314 CVE-2022-30316

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9ec3bae3-0240-40ed-9a8e-787b3ecfdd6b

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.