78 matches found
CVE-2022-2790
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic PDT files and data blocks data BLD/BLK files...
CVE-2022-2792
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists...
CVE-2022-2792
CVE-2022-2792 affects Emerson Electric’s Proficy Machine Edition, versions 9.00 and prior. The issue is CWE-284 Improper Access Control: project data is stored in a directory with improper access control lists, enabling unauthorized access to sensitive project data. The CVSSv3 base score is cited...
CVE-2022-2792
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists...
CVE-2022-2788
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...
Path traversal
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...
CVE-2022-2788
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...
CVE-2022-2788
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...
CVE-2022-2788
CVE-2022-2788 affects Emerson Proficy Machine Edition 9.80 and earlier. It is a ZipSlip-style path traversal via the upload procedure (..\Filename) that can plant a malicious .BLZ file on a PLC and potentially execute code when transferred to Windows. Mitigations discussed in connected sources in...
PT-2022-18676 · Emerson Electric · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue arises from improper verification of cryptographic signatures, leading to a failure in properly verifying compiled logic PDT files and data blocks data...
PT-2022-18697 · Emerson Electric · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue concerns a lack of integrity check support, allowing for potential data manipulation. Specifically, after establishing a connection using the SRTP...
PT-2022-18671 · Emerson Electric · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue concerns insufficient verification of data authenticity, which can cause the software to display logic that differs from the compiled logic...
The vulnerability of the Proficy Machine Edition programming software for programmable logic controllers arises from incorrect restrictions on the path name to the restricted access directory. This allows a perpetrator to execute arbitrary code.
The vulnerability of the Proficy Machine Edition programming software is related to incorrect restrictions on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted .BLZ file...
Emerson Proficy Machine Edition 代码问题漏洞
Emerson Proficy Machine Edition is a software application from Emerson Electric USA, Inc. An automation solution. A code issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions that originates from uploading any file written to the PLC logical folder to a connected P...
PT-2022-4364 · Ge Digital · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...
Emerson Proficy Machine Edition 数据伪造问题漏洞
Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A data forgery issue vulnerability exists in Emerson Proficy Machine Edition version 9.00 and prior versions, which stems from the lack of authentication or authorization of packets after a connection is...
PT-2022-4239 · Ge Digital · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.80 and prior Description: The issue is related to a Path Traversal vulnerability, also known as a ZipSlip attack, which allows attackers to implant a malicious .BLZ file on the PLC through an upload procedur...
Emerson Proficy Machine Edition
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Emerson Equipment: Proficy Machine Edition Vulnerabilities: Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of...
CVE-2021-29298
Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle MITM attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll"...
CVE-2021-29298
Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle MITM attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll"...