185 matches found
CVE-2022-2793
CVE-2022-2793 affects Emerson Proficy Machine Edition 9.00 and earlier. The flaw is Missing Support for Integrity Check (CWE-353): after a connection is established for SRTP, data packets are not authenticated or authorized. The vulnerability can enable data forgery/integrity issues on the SRTP c...
CVE-2022-2793
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol...
CVE-2022-2789
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic...
CVE-2022-2789
CVE-2022-2789 affects Emerson Proficy Machine Edition (engineering workstation) versions 9.00 and earlier (commonly cited as 9.00 and prior; some sources reference 9.80 and prior). Root cause: insufficient verification of data authenticity, allowing the PLC logic display to differ from the compil...
CVE-2022-2790
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic PDT files and data blocks data BLD/BLK files...
CVE-2022-2790
CVE-2022-2790 affects Emerson Electric’s Proficy Machine Edition, version 9.00 and prior. The issue is an improper verification of cryptographic signatures (CWE-347) that leads to failure to properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files). Reported by multiple sour...
CVE-2022-2792
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists...
CVE-2022-2792
CVE-2022-2792 affects Emerson Electric’s Proficy Machine Edition, versions 9.00 and prior. The issue is CWE-284 Improper Access Control: project data is stored in a directory with improper access control lists, enabling unauthorized access to sensitive project data. The CVSSv3 base score is cited...
CVE-2022-2788
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...
Path traversal
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...
CVE-2022-2788
CVE-2022-2788 affects Emerson Proficy Machine Edition 9.80 and earlier. It is a ZipSlip-style path traversal via the upload procedure (..\Filename) that can plant a malicious .BLZ file on a PLC and potentially execute code when transferred to Windows. Mitigations discussed in connected sources in...
PT-2022-18671 · Emerson Electric · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue concerns insufficient verification of data authenticity, which can cause the software to display logic that differs from the compiled logic...
PT-2022-18697 · Emerson Electric · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue concerns a lack of integrity check support, allowing for potential data manipulation. Specifically, after establishing a connection using the SRTP...
PT-2022-18676 · Emerson Electric · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue arises from improper verification of cryptographic signatures, leading to a failure in properly verifying compiled logic PDT files and data blocks data...