CVE-2022-43485— Insecure random number used for generating keys for signing Jwt tokens
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-43485
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insecure random number used for generating keys for signing Jwt tokens
Source: NVD (National Vulnerability Database)
Vulnerability Description
Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用不充分的随机数
Source: NVD (National Vulnerability Database)
Vulnerability Title
Honeywell OneWireless 安全特征问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Honeywell OneWireless是美国霍尼韦尔(Honeywell)公司的一种工业无线网状网络,能够同时支持 ISA100 Wireless*(IEC 62734)、WirelessHART (IEC 62591) 现场仪器(变送器、执行器等)、Wi-Fi 设备和基于以太网/IP 的设备。 Honeywell OneWireless 322.1版本存在安全漏洞,该漏洞源于使用随机值不足,攻击者利用该漏洞可以操纵客户端JWT令牌中的声明。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Honeywell | OneWireless | 322.1 | - |
II. Public POCs for CVE-2022-43485
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-43485
请登录查看更多情报信息。
Same Patch Batch · Honeywell · 2023-05-30 · 3 CVEs total
| CVE-2022-46361 | 6.9 MEDIUM | Physical access to the WDM enables use of USB device to gain access to the WDM |
| CVE-2022-4240 | 6.5 MEDIUM | Unauthenticated API allowing an attacker to obtain the information about network resources |
IV. Related Vulnerabilities
Same vendor: Honeywell
- CVE-2026-4272
CVE-2026-4272 - Bluetooth Remote Execution of System Command - CVE-2026-3611
Honeywell IQ4x BMS Controller Missing authentication for cri - CVE-2026-1670
Honeywell CCTV Products Missing Authentication for Critical - CVE-2021-47868
WIN-PACK PRO 4.8 - 'WPCommandFileService' Unquoted Service P - CVE-2021-47866
WIN-PACK PRO 4.8 - 'GuardTourService' Unquoted Service Path
Same weakness: CWE-330
- CVE-2026-7847
chatchat-space Langchain-Chatchat Uploaded File openai_route - CVE-2026-40975
VMware Spring Boot 安全特征问题漏洞 - CVE-2026-40496
FreeScout has Predictable Attachment Token that Allows Unaut - CVE-2026-40306
DNN has same HostGUID for all new installs - CVE-2026-33710
Chamilo LMS has Weak REST API Key Generation (Predictable)
V. Comments for CVE-2022-43485
No comments yet