CVE: CVE-2022-30319

Export to Word

Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. It is possible to configure a password in order to restrict access to sensitive engineering functionality. Authentication functions on the basis of a MAC/IP whitelist with inactivity timeout to which an authenticated client's MAC/IP is stored. UDP traffic can be spoofed to bypass the whitelist-based access control. Since UDP is stateless, an attacker capable of passively observing traffic can spoof arbitrary messages using the MAC/IP of an authenticated client. This allows the attacker access to sensitive engineering functionality such as uploading/downloading control logic and manipulating controller configuration.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 8e-05
Percentile: 0.0044

CVSS Scoring

CVSS v3.1 Score: 8.1

Severity: HIGH

Mapped CWE(s)

CWE-290 : Authentication Bypass by Spoofing

All CAPEC(s)

CAPEC-21: Exploitation of Trusted Identifiers
CAPEC-22: Exploiting Trust in Client
CAPEC-459: Creating a Rogue Certification Authority Certificate
CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
CAPEC-473: Signature Spoof
CAPEC-476: Signature Spoofing by Misrepresentation
CAPEC-59: Session Credential Falsification through Prediction
CAPEC-60: Reusing Session IDs (aka Session Replay)
CAPEC-667: Bluetooth Impersonation AttackS (BIAS)
CAPEC-94: Adversary in the Middle (AiTM)

CAPEC(s) with Mapped TTPs

CAPEC-21: Exploitation of Trusted Identifiers
Mapped TTPs:
- T1134 : Access Token Manipulation
- T1528 : Steal Application Access Token
- T1539 : Steal Web Session Cookie
CAPEC-473: Signature Spoof
Mapped TTPs:
- T1036.001 : Invalid Code Signature
- T1553.002 : Code Signing
CAPEC-60: Reusing Session IDs (aka Session Replay)
Mapped TTPs:
- T1134.001 : Token Impersonation/Theft
- T1550.004 : Web Session Cookie
CAPEC-94: Adversary in the Middle (AiTM)
Mapped TTPs:
- T1557 : Adversary-in-the-Middle

Mapped ATT&CK TTPs

T1134 : Access Token Manipulation
Kill Chain: defense-evasion
T1528 : Steal Application Access Token
Kill Chain: credential-access
T1539 : Steal Web Session Cookie
Kill Chain: credential-access
T1036.001 : Invalid Code Signature
Kill Chain: defense-evasion
T1553.002 : Code Signing
Kill Chain: defense-evasion
T1134.001 : Token Impersonation/Theft
Kill Chain: defense-evasion
T1550.004 : Web Session Cookie
Kill Chain: defense-evasion
T1557 : Adversary-in-the-Middle
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

APT41 DUST
ArcaneDoor
SolarWinds Compromise
Operation Honeybee
RedDelta Modified PlugX Infection Chain Operations
Operation Dream Job
C0015
Leviathan Australian Intrusions
HomeLand Justice
C0017

Affected Products

cpe:2.3:a:honeywell:saia_pg5_controls_suite:-:*:*:*:*:*:*:*

← Back to Home