OTPulse

Honeywell OneWireless Wireless Device Manager

Act Now · CVSS 9.8 · ICS-CERT ICSA-23-075-06 · Apr 3, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

OneWireless WDM versions R322.1 and earlier contain command injection (CWE-77), insufficient randomness (CWE-330), and missing authentication (CWE-306) vulnerabilities that allow remote code execution, privilege escalation, and disclosure of sensitive information. An attacker can exploit these flaws over the network without credentials or user interaction. Honeywell recommends upgrading to release R322.2.

What this means
What could happen
An attacker with network access to the OneWireless WDM could execute arbitrary code, escalate privileges, or steal sensitive configuration and credential data from wireless device management operations.
Who's at risk
Water and electric utilities relying on Honeywell OneWireless mesh networks for remote device monitoring and wireless sensor connectivity should treat this as critical. This affects wireless device managers deployed in substations, pumping stations, treatment plants, and other distributed monitoring points.
How it could be exploited
An attacker reaches the OneWireless WDM over the network without needing credentials or user interaction. The vulnerability allows remote code execution directly on the management platform, giving the attacker control over wireless device configuration and monitoring across your facility.
Prerequisites
  • Network access to the OneWireless WDM management interface
Tags: remotely exploitable · no authentication required · low complexity · high CVSS (9.8) · no patch available
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
Product | Affected Versions | Fix Status
OneWireless WDM: All | ≤ R322.1 | R322.2
Remediation & Mitigation
Do now
  • HARDENING: Restrict network access to the OneWireless WDM management interface to authorized users and systems only, using firewall rules and network segmentation
  • HARDENING: Ensure backup files are stored on a network location or physical drive with access limited to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Upgrade OneWireless WDM to release R322.2 or later
  • HARDENING: Review and implement Honeywell network security best practices from the Network-Planning-and-Installation-Guide