CVE-2022-46361 - OpenCVE

An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Honeywell	Onewireless Network Wireless Device Manager Onewireless Network Wireless Device Manager Firmware

Configuration 1 [-]

AND

cpe:2.3:h:honeywell:onewireless_network_wireless_device_manager:-:*:*:*:*:*:*:*

cpe:2.3:o:honeywell:onewireless_network_wireless_device_manager_firmware:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://process.honeywell.com/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Honeywell

Published: 2023-05-30T16:21:37.079Z

Updated: 2024-08-03T14:31:46.378Z

Reserved: 2022-11-30T20:26:18.635Z

Link: CVE-2022-46361

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-30T17:15:09.737

Modified: 2023-06-06T14:22:24.033

Link: CVE-2022-46361

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-46361", "assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "state": "PUBLISHED", "assignerShortName": "Honeywell", "dateReserved": "2022-11-30T20:26:18.635Z", "datePublished": "2023-05-30T16:21:37.079Z", "dateUpdated": "2024-08-03T14:31:46.378Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OneWireless", "vendor": "Honeywell", "versions": [{"lessThan": "322.2", "status": "affected", "version": "322.1", "versionType": "patch 322.2"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. </span><span style=\"background-color: var(--wht);\">This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2.</span>"}], "value": "An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands.\u00a0This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2."}], "impacts": [{"capecId": "CAPEC-646", "descriptions": [{"lang": "en", "value": "CAPEC-646 Peripheral Footprinting"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d", "shortName": "Honeywell", "dateUpdated": "2023-05-30T16:21:37.079Z"}, "references": [{"url": "https://process.honeywell.com/"}], "source": {"discovery": "UNKNOWN"}, "title": "Physical access to the WDM enables use of USB device to gain access to the WDM", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:31:46.378Z"}, "title": "CVE Program Container", "references": [{"url": "https://process.honeywell.com/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:onewireless_network_wireless_device_manager:-:*:*:*:*:*:*:*", "matchCriteriaId": "987B6E5F-C1B6-4764-A3B1-4AC7734B6D1D", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:honeywell:onewireless_network_wireless_device_manager_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "189C7318-C0AC-41A9-99AB-AB2BCB75E90B", "versionEndExcluding": "r322.2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands.\u00a0This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2."}], "id": "CVE-2022-46361", "lastModified": "2023-06-06T14:22:24.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.3, "impactScore": 6.0, "source": "psirt@honeywell.com", "type": "Secondary"}]}, "published": "2023-05-30T17:15:09.737", "references": [{"source": "psirt@honeywell.com", "tags": ["Product"], "url": "https://process.honeywell.com/"}], "sourceIdentifier": "psirt@honeywell.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "psirt@honeywell.com", "type": "Secondary"}]}