Exploiting Honeywell ControlEdge VirtualUOC

Team82 discovered multiple vulnerabilities in Honeywell ControlEdge Virtual UOC's proprietary EpicMo protocol (TCP/55565) that allow unauthenticated arbitrary file writes and lead to pre-auth remote code execution (CVE-2023-5389). The researchers demonstrated a PoC by uploading and replacing a shared object (/lib/libcap.so.2) to achieve RCE, and Honeywell has issued updates while CISA published advisories.