CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
13.1%
Emerson Electric’s Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: ‘..\Filename’, also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code.
Vendor | Product | Version | CPE |
---|---|---|---|
emerson | electric\'s_proficy | * | cpe:2.3:a:emerson:electric\'s_proficy:*:*:*:*:machine:*:*:* |