Honeywell ControlEdge
Act Now | CVSS 9.8 | ICS-CERT ICSA-22-242-06 | Aug 30, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Honeywell ControlEdge devices running firmware versions below 151.2 contain a hardcoded credential vulnerability (CWE-798) that allows unauthenticated remote attackers to gain full control of the device. Successful exploitation could result in remote code execution, denial-of-service, or unauthorized configuration manipulation of control system operations.
What this means
What could happen
An attacker with network access to ControlEdge could execute arbitrary code on the device, potentially altering control logic, stopping operations, or exfiltrating sensitive configuration data from your automation infrastructure.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Honeywell ControlEdge automation controllers should prioritize this issue. ControlEdge devices are commonly deployed in SCADA systems, DCS platforms, and edge control applications for process automation.
How it could be exploited
An attacker would connect to the affected ControlEdge device over the network and exploit a hardcoded credential vulnerability (CWE-798) to gain unauthorized access, then execute arbitrary commands to manipulate process control or disrupt operations.
Prerequisites
- Network access to ControlEdge device (no authentication required)
- ControlEdge version below 151.2
Remotely exploitable | No authentication required | Low complexity | Hardcoded credentials | Critical CVSS (9.8) | Affects control system devices
Exploitability
Moderate exploit probability (EPSS 3.4%)
Affected products (1)
Product | Affected Versions | Fix Status
ControlEdge: All | < 151.2 | 151.2
Remediation & Mitigation
Do now
HARDENING: Restrict network access to ControlEdge devices using firewall rules; ensure they are not accessible from the Internet or business network
WORKAROUND: If remote access is required, implement Virtual Private Network (VPN) access with current updates to ControlEdge devices
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade ControlEdge to version 151.2 or later
Long-term hardening
HARDENING: Isolate ControlEdge devices and control system networks from business networks using network segmentation
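The following is an added example, not part of the advisory or any Honeywell tooling: a triage script that applies the two prerequisites above (version below 151.2, network reachability) to an asset inventory and maps each device to the matching remediation step. The inventory columns, host names, zone labels, and the dotted-numeric version format are assumptions.

```python
import csv
import io

FIXED_VERSION = (151, 2)  # first fixed release named in the advisory
UNTRUSTED_ZONES = {"business", "internet"}  # assumed zone labels

# Constructed sample inventory; hosts, columns and zone names are assumptions.
SAMPLE_INVENTORY = """\
host,firmware,reachable_from
ce-pump-01,150.1,control
ce-pump-02,151.2,control;business
ce-mix-01,140.3,control;business
ce-gate-01,151.1.4,control;internet
ce-lab-01,unknown,control
"""

def parse_version(text):
    """Dotted numeric version -> tuple of ints, or None if unparseable."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def is_affected(version):
    """True when below 151.2; unknown versions count as affected until verified."""
    if version is None:
        return True
    width = max(len(version), len(FIXED_VERSION))
    pad = lambda v: v + (0,) * (width - len(v))  # so 151.2 == 151.2.0
    return pad(version) < pad(FIXED_VERSION)

def triage(inventory_csv):
    """Return (host, affected, exposed, action) rows, most urgent first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        affected = is_affected(parse_version(rec["firmware"]))
        exposed = bool(set(rec["reachable_from"].split(";")) & UNTRUSTED_ZONES)
        if affected and exposed:
            action = "restrict network access now; upgrade to 151.2 or later"
        elif affected:
            action = "schedule upgrade to 151.2 or later"
        elif exposed:
            action = "patched; isolate from business network and Internet"
        else:
            action = "no action"
        rows.append((rec["host"], affected, exposed, action))
    return sorted(rows, key=lambda r: (not (r[1] and r[2]), not r[1], not r[2]))

if __name__ == "__main__":
    for host, affected, exposed, action in triage(SAMPLE_INVENTORY):
        print(f"{host:12} affected={affected!s:5} exposed={exposed!s:5} {action}")
```

Devices with an unreadable firmware string are deliberately reported as affected so they are checked by hand rather than silently passed.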
CVEs (1)
API:
/api/v1/advisories/2e0c2177-601f-4a94-a488-6d4d6a47d660