CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ICS•added 2022/08/16 12:0 a.m.•63 views

Emerson Proficy Machine Edition

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Emerson Equipment: Proficy Machine Edition Vulnerabilities: Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of...

7.8CVSS6.9AI score0.00107EPSS

Positive Technologies•added 2022/08/16 12:0 a.m.•6 views

PT-2022-4364 · Ge Digital · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...

7.8CVSS7.4AI score0.00048EPSS

Exploits0References6

CNNVD•added 2022/08/16 12:0 a.m.•2 views

Emerson Proficy Machine Edition 安全漏洞

Emerson Proficy Machine Edition is a software application from Emerson Electric USA, Inc. an automation solution. A security vulnerability exists in Emerson Proficy Machine Edition version 9.00 and prior versions, which stems from storing project data in a directory with incorrect access control...

7.5CVSS7.3AI score0.00107EPSS

CNNVD•added 2022/08/16 12:0 a.m.•3 views

Emerson Proficy Machine Edition 代码问题漏洞

Emerson Proficy Machine Edition is a software application from Emerson Electric USA, Inc. An automation solution. A code issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions that originates from uploading any file written to the PLC logical folder to a connected P...

7.8CVSS7.5AI score0.00048EPSS

CNNVD•added 2022/08/16 12:0 a.m.•6 views

Emerson Proficy Machine Edition 路径遍历漏洞

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A security vulnerability exists in Emerson Proficy Machine Edition versions 9.80 and earlier, which stems from an easy ZipSlip attack via the uploader program, which allows an attacker to plant a maliciou...

7.3CVSS7.3AI score0.00099EPSS

Positive Technologies•added 2022/08/16 12:0 a.m.•4 views

PT-2022-4239 · Ge Digital · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.80 and prior Description: The issue is related to a Path Traversal vulnerability, also known as a ZipSlip attack, which allows attackers to implant a malicious .BLZ file on the PLC through an upload procedur...

9.4CVSS7.4AI score0.00099EPSS

Exploits0References6

Exploit DB•added 2022/02/16 12:0 a.m.•248 views

Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path

Exploit Title: Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-13 Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.80 Build 869...

7.4AI score

Exploits0

OSV•added 2021/07/30 7:15 p.m.•3 views

CVE-2021-29297

Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle MITM attack to the component "FrameworX.exe" in the module "MSVCR100.dll"...

5.3CVSS6AI score0.00332EPSS

NVD•added 2021/07/30 7:15 p.m.•10 views

CVE-2021-29297

5.3CVSS0.00332EPSS

NVD•added 2021/07/30 7:15 p.m.•8 views

CVE-2021-29298

Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle MITM attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll"...

5.3CVSS0.00285EPSS

OSV•added 2021/07/30 7:15 p.m.•2 views

CVE-2021-29298

5.3CVSS5.7AI score0.00285EPSS

Prion•added 2021/07/30 7:15 p.m.•15 views

Buffer overflow

2.6CVSS5.3AI score0.00332EPSS

Prion•added 2021/07/30 7:15 p.m.•8 views

Input validation

2.6CVSS5.2AI score0.00285EPSS

CVE•added 2021/07/30 6:20 p.m.•80 views

CVE-2021-29298

CVE-2021-29298 affects Emerson GE Automation Proficy Machine Edition v8.0. The issue arises from improper input validation in the FrameworX.exe component within the fxVPStatcTcp.dll module, enabling an attacker to trigger a denial of service and application crash via crafted traffic delivered ove...

5.3CVSS5.2AI score0.00285EPSS

Cvelist•added 2021/07/30 6:20 p.m.•11 views

CVE-2021-29298

5.5AI score0.00285EPSS

CVE•added 2021/07/30 6:20 p.m.•79 views

CVE-2021-29297

CVE-2021-29297 affects Emerson GE Automation Proficy Machine Edition (v8.0). The vulnerability is a buffer overflow in the FrameworX.exe component within MSVCR100.dll that can be triggered by crafted traffic from a Man-in-the-Middle (MITM) attack, potentially causing a denial of service and appli...

5.3CVSS5.2AI score0.00332EPSS

CNNVD•added 2021/07/30 12:0 a.m.•1 views

Emerson GE Automation Proficy Machine 缓冲区错误漏洞

Emerson GE Automation Proficy Machine Edition is an application from emerson, Inc. An automation solution. A buffer error vulnerability exists in Emerson GE Automation Proficy Machine that originates from a buffer overflow in Emerson GE Automation Proficy Machine Edition v8.0. The vulnerability c...

5.3CVSS5.9AI score0.00332EPSS

CNNVD•added 2021/07/30 12:0 a.m.•2 views

Emerson GE Automation Proficy Machine 输入验证错误漏洞

Emerson GE Automation Proficy Machine Edition is an application of emerson Inc. an automation solution. An automation solution, an input validation error vulnerability exists in Emerson GE Automation Proficy Machine due to incorrect input validation in Emerson GE Automation Proficy Machine Editio...

5.3CVSS5.5AI score0.00285EPSS