Honeywell SoftMaster

Plan Patch8.8ICS-CERT ICSA-22-256-02Sep 13, 2022

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Honeywell SoftMaster versions up to 4.51 contain two vulnerabilities: insecure file/code loading (CWE-427) and improper file permissions (CWE-732). Successful exploitation allows an attacker to execute arbitrary code in the context of the application or escalate privileges. The vulnerabilities are remotely exploitable with low attack complexity; user interaction may be required for some attack paths. Honeywell has released firmware updates to address these issues.

What this means

What could happen

An attacker could run arbitrary code on the SoftMaster system or gain elevated privileges, potentially allowing control over the application's functions and access to sensitive data or system configurations.

Who's at risk

Operators of Honeywell SoftMaster systems in any industrial facility should care about this vulnerability. SoftMaster is commonly used in process automation and building management systems; affected organizations include water utilities, electric utilities, manufacturing plants, and facility management operations.

How it could be exploited

An attacker with network access to the SoftMaster device could exploit an insecure permission configuration (CWE-732) or unsafe file/code loading mechanism (CWE-427) to execute code with the application's privileges or escalate to higher privilege levels. User interaction (clicking a malicious link or opening a file) may be required depending on the attack vector.

Prerequisites

Network access to the SoftMaster device
User interaction may be required (opening a file or visiting a malicious link)

remotely exploitablelow attack complexityhigh CVSS score (8.8)

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (1)

ProductAffected VersionsFix Status

SoftMaster:4.51Fix available

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGIsolate SoftMaster systems from the internet by placing them behind a firewall or in a demilitarized zone (DMZ)

HARDENINGIf remote access to the network is required, implement a VPN or other secure remote access control to the network segment containing the affected device

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SoftMaster firmware to the patched version released by Honeywell (reference: SN2022-08-31 01 SoftMaster-R4.7)

CVEs (2)

CVE-2022-2333 CVE-2022-2332

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5a206c35-4fbe-4dd5-bd87-31dc04c12bd4