Honeywell Trend Controls Inter-Controller Protocol

Monitor7.1ICS-CERT ICSA-22-242-08Aug 30, 2022

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Honeywell IQ Series Controllers using the Inter-Controller (IC) protocol transmit authentication information in cleartext. An attacker on the network segment with these controllers could intercept credentials through passive network sniffing. IQ4 Series controllers may receive firmware updates, but older IQ Series models have no remediation available from the vendor. The vulnerability is not remotely exploitable and requires network proximity to the controller segment.

What this means

What could happen

An attacker on the network segment with your Honeywell IQ Series controllers could intercept authentication credentials in cleartext traffic, potentially gaining unauthorized access to modify building automation or operational parameters.

Who's at risk

Transportation facilities and building automation operators using Honeywell IQ Series Controllers (particularly IQ4 models) for environmental or operational control should be concerned. This affects any organization relying on these controllers for critical process management or access control in transit systems, facilities, or industrial sites.

How it could be exploited

An attacker with network access to the same segment as IQ Series controllers can passively sniff Inter-Controller (IC) protocol traffic to capture authentication information sent in plaintext. No active attack or credentials are required—they simply observe and record network packets.

Prerequisites

Network access to the same segment as IQ Series controllers
Ability to capture network traffic (packet sniffing)
IQ Series controllers using Inter-Controller protocol for communication

No authentication requiredLow complexity attackNo patch available for older IQ modelsAffects controller authenticationCleartext credential transmission

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

IQ Series Controllers that utilize Inter-Controller (IC) protocol: All versionsAll versionsNo fix yet

Remediation & Mitigation

0/7

Do now

0/2

HARDENINGPhysically or logically isolate the network segment containing IQ Series controllers from untrusted networks and the IT network using firewalls

HARDENINGRestrict system access to authorized personnel only and apply least privilege to all accounts on the controller

Schedule — requires maintenance window

0/4

Patching may require device reboot — plan for process interruption

HARDENINGEnable encrypted network traffic between controllers and monitoring systems where the product supports it

HARDENINGDeploy network monitoring to detect suspicious traffic patterns or unauthorized access attempts on the controller segment

HARDENINGDisable unnecessary services and accounts on IQ Series controllers

HOTFIXUpdate IQ4 Series controllers to the latest available firmware version from Honeywell

Long-term hardening

0/1

HARDENINGReview Honeywell Security Best Practice for Trend Products documentation and implement recommended controls

CVEs (1)

CVE-2022-30312

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/878f6c02-1033-4ac7-bb37-39d53e467558