CVE-2022-2333 - Vulnerability Details - OpenCVE

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Honeywell	Softmaster

Configuration 1 [-]

cpe:2.3:a:honeywell:softmaster:4.51:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02
https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf

History

Wed, 16 Apr 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-09-16T20:18:42.695Z

Updated: 2025-04-16T17:47:27.339Z

Reserved: 2022-07-06T00:00:00.000Z

Link: CVE-2022-2333

Vulnrichment

Updated: 2024-08-03T00:32:09.614Z

NVD

Status : Modified

Published: 2022-09-16T22:15:10.667

Modified: 2024-11-21T07:00:47.260

Link: CVE-2022-2333

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SoftMaster", "vendor": "Honeywell", "versions": [{"status": "affected", "version": "4.51"}]}], "credits": [{"lang": "en", "value": "Noam Moshe of Claroty Research reported these vulnerabilities to Honeywell."}], "datePublic": "2022-09-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application\u2019s context and permissions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T20:18:42.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"}], "solutions": [{"lang": "en", "value": "Honeywell has released firmware update packages for the affected products on their website.\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"}], "source": {"discovery": "EXTERNAL"}, "title": "Honeywell SoftMaster Uncontrolled Search Path Element", "workarounds": [{"lang": "en", "value": "Honeywell recommends users with potentially affected products take the following steps to protect themselves:\nUpdate firmware of vulnerable and affected devices.\nIsolate systems from the internet or create additional layers of defense to their system from the internet by placing the affected hardware behind a firewall or into a demilitarized zone (DMZ).\nIf remote connections to the network are required, then users should consider using a VPN or other means to ensure secure remote connections into the network where the device is located.\n\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-09-13T21:40:00.000Z", "ID": "CVE-2022-2333", "STATE": "PUBLIC", "TITLE": "Honeywell SoftMaster Uncontrolled Search Path Element"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SoftMaster", "version": {"version_data": [{"version_affected": "=", "version_value": "4.51"}]}}]}, "vendor_name": "Honeywell"}]}}, "credit": [{"lang": "eng", "value": "Noam Moshe of Claroty Research reported these vulnerabilities to Honeywell."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application\u2019s context and permissions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427: Uncontrolled Search Path Element"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"}, {"name": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf", "refsource": "CONFIRM", "url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"}]}, "solution": [{"lang": "en", "value": "Honeywell has released firmware update packages for the affected products on their website.\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"}], "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Honeywell recommends users with potentially affected products take the following steps to protect themselves:\nUpdate firmware of vulnerable and affected devices.\nIsolate systems from the internet or create additional layers of defense to their system from the internet by placing the affected hardware behind a firewall or into a demilitarized zone (DMZ).\nIf remote connections to the network are required, then users should consider using a VPN or other means to ensure secure remote connections into the network where the device is located.\n\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:32:09.614Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T17:27:13.488681Z", "id": "CVE-2022-2333", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T17:47:27.339Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2333", "datePublished": "2022-09-16T20:18:42.695Z", "dateReserved": "2022-07-06T00:00:00.000Z", "dateUpdated": "2025-04-16T17:47:27.339Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "SoftMaster", "vendor": "Honeywell", "versions": [{"status": "affected", "version": "4.51"}]}], "credits": [{"lang": "en", "value": "Noam Moshe of Claroty Research reported these vulnerabilities to Honeywell."}], "datePublic": "2022-09-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application\u2019s context and permissions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427: Uncontrolled Search Path Element", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-16T20:18:42.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"}], "solutions": [{"lang": "en", "value": "Honeywell has released firmware update packages for the affected products on their website.\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"}], "source": {"discovery": "EXTERNAL"}, "title": "Honeywell SoftMaster Uncontrolled Search Path Element", "workarounds": [{"lang": "en", "value": "Honeywell recommends users with potentially affected products take the following steps to protect themselves:\nUpdate firmware of vulnerable and affected devices.\nIsolate systems from the internet or create additional layers of defense to their system from the internet by placing the affected hardware behind a firewall or into a demilitarized zone (DMZ).\nIf remote connections to the network are required, then users should consider using a VPN or other means to ensure secure remote connections into the network where the device is located.\n\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-09-13T21:40:00.000Z", "ID": "CVE-2022-2333", "STATE": "PUBLIC", "TITLE": "Honeywell SoftMaster Uncontrolled Search Path Element"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SoftMaster", "version": {"version_data": [{"version_affected": "=", "version_value": "4.51"}]}}]}, "vendor_name": "Honeywell"}]}}, "credit": [{"lang": "eng", "value": "Noam Moshe of Claroty Research reported these vulnerabilities to Honeywell."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application\u2019s context and permissions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427: Uncontrolled Search Path Element"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"}, {"name": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf", "refsource": "CONFIRM", "url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"}]}, "solution": [{"lang": "en", "value": "Honeywell has released firmware update packages for the affected products on their website.\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"}], "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Honeywell recommends users with potentially affected products take the following steps to protect themselves:\nUpdate firmware of vulnerable and affected devices.\nIsolate systems from the internet or create additional layers of defense to their system from the internet by placing the affected hardware behind a firewall or into a demilitarized zone (DMZ).\nIf remote connections to the network are required, then users should consider using a VPN or other means to ensure secure remote connections into the network where the device is located.\n\nMore information can be found in the Honeywell Security Notification SN2022-08-31 01 SoftMaster-R4.7"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:32:09.614Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-2333", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-16T17:27:13.488681Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T17:27:14.848Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-2333", "datePublished": "2022-09-16T20:18:42.695Z", "dateReserved": "2022-07-06T00:00:00.000Z", "dateUpdated": "2025-04-16T17:47:27.339Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:honeywell:softmaster:4.51:*:*:*:*:*:*:*", "matchCriteriaId": "DB9712C7-C230-406B-8D34-6DADCEE8FE8B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application\u2019s context and permissions."}, {"lang": "es", "value": "Si un atacante logra enga\u00f1ar a un usuario v\u00e1lido para que cargue una DLL maliciosa, el atacante puede lograr la ejecuci\u00f3n de c\u00f3digo en el contexto y los permisos de la aplicaci\u00f3n Honeywell SoftMaster versi\u00f3n 4.51"}], "id": "CVE-2022-2333", "lastModified": "2024-11-21T07:00:47.260", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-16T22:15:10.667", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Not Applicable"], "url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.security.honeywell.com/-/media/Security/Resources/PDF/Product-Warranty/Security_Notification_SN_2019-09-13-02_V4-pdf.pdf"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}