How severe is CVE-2022-30245?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-30245?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2022-30245 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.

Related Vulnerabilities

CVE-2017-18357

MEDIUM

CVSS:6.5(Medium)

Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via...

CWE-6102017

CVE-2020-21363

MEDIUM

CVSS:6.5(Medium)

An arbitrary file deletion vulnerability exists within Maccms10.

CWE-6102020

CVE-2021-26920

MEDIUM

CVSS:6.5(Medium)

In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intend...

CWE-6102021

CVE-2021-3779

MEDIUM

CVSS:6.5(Medium)

A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 a...

CWE-6102021

CVE-2022-3032

MEDIUM

CVSS:6.5(Medium)

When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested documen...

CWE-6102022

CVE-2022-45918

MEDIUM

CVSS:6.5(Medium)

ILIAS before 7.16 allows External Control of File Name or Path.

CWE-6102022