OT and IoT cybersecurity company SCADAfence has discovered potentially serious vulnerabilities in a widely used building management system made by Alerton, a brand of industrial giant Honeywell.
Four vulnerabilities have been found in the Alerton Compass software, which is the product’s human-machine interface (HMI), the Ascent Control Module (ACM), and the Visual Logic component. SCADAfence says this is the first time CVE identifiers have been assigned to vulnerabilities in Alerton products.
SCADAfence will soon publish a blog post detailing its findings. In the meantime, the company has issued a press release that points to National Vulnerability Database entries providing some technical information for each of the four security holes.
