Lucene search
+L

78 matches found

Cvelist
Cvelist
added 2022/08/19 10:32 p.m.28 views

CVE-2022-2790

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic PDT files and data blocks data BLD/BLK files...

5.9CVSS6AI score0.00128EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/08/19 10:8 p.m.6 views

CVE-2022-2792

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists...

6.6CVSS6.8AI score0.00365EPSS
Exploits0References1
CVE
CVE
added 2022/08/19 10:8 p.m.56 views

CVE-2022-2792

CVE-2022-2792 affects Emerson Electric’s Proficy Machine Edition, versions 9.00 and prior. The issue is CWE-284 Improper Access Control: project data is stored in a directory with improper access control lists, enabling unauthorized access to sensitive project data. The CVSSv3 base score is cited...

7.5CVSS7.5AI score0.00365EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/19 10:8 p.m.29 views

CVE-2022-2792

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists...

6.6CVSS7.7AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2022/08/19 9:15 p.m.25 views

CVE-2022-2788

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...

7.3CVSS0.00228EPSS
Exploits0References1
Prion
Prion
added 2022/08/19 9:15 p.m.19 views

Path traversal

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...

4.1CVSS7.2AI score0.00228EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/19 8:56 p.m.31 views

CVE-2022-2788

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...

3.9CVSS7.3AI score0.00228EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/08/19 8:56 p.m.10 views

CVE-2022-2788

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering...

3.9CVSS6.8AI score0.00228EPSS
Exploits0References1
CVE
CVE
added 2022/08/19 8:56 p.m.66 views

CVE-2022-2788

CVE-2022-2788 affects Emerson Proficy Machine Edition 9.80 and earlier. It is a ZipSlip-style path traversal via the upload procedure (..\Filename) that can plant a malicious .BLZ file on a PLC and potentially execute code when transferred to Windows. Mitigations discussed in connected sources in...

7.3CVSS7.1AI score0.00228EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/19 12:0 a.m.8 views

PT-2022-18676 · Emerson Electric · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue arises from improper verification of cryptographic signatures, leading to a failure in properly verifying compiled logic PDT files and data blocks data...

5.9CVSS5.6AI score0.00128EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/19 12:0 a.m.7 views

PT-2022-18697 · Emerson Electric · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue concerns a lack of integrity check support, allowing for potential data manipulation. Specifically, after establishing a connection using the SRTP...

7.8CVSS7.6AI score0.00138EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/08/19 12:0 a.m.6 views

PT-2022-18671 · Emerson Electric · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior Description: The issue concerns insufficient verification of data authenticity, which can cause the software to display logic that differs from the compiled logic...

5.5CVSS5.3AI score0.00117EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/08/18 12:0 a.m.8 views

The vulnerability of the Proficy Machine Edition programming software for programmable logic controllers arises from incorrect restrictions on the path name to the restricted access directory. This allows a perpetrator to execute arbitrary code.

The vulnerability of the Proficy Machine Edition programming software is related to incorrect restrictions on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted .BLZ file...

9.4CVSS7.6AI score0.00228EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.5 views

Emerson Proficy Machine Edition 代码问题漏洞

Emerson Proficy Machine Edition is a software application from Emerson Electric USA, Inc. An automation solution. A code issue vulnerability exists in Emerson Proficy Machine Edition 9.00 and prior versions that originates from uploading any file written to the PLC logical folder to a connected P...

7.8CVSS7.5AI score0.0018EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/16 12:0 a.m.10 views

PT-2022-4364 · Ge Digital · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...

7.8CVSS7.4AI score0.0018EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/08/16 12:0 a.m.6 views

Emerson Proficy Machine Edition 数据伪造问题漏洞

Emerson Proficy Machine Edition is an application from Emerson, Inc. an automation solution. A data forgery issue vulnerability exists in Emerson Proficy Machine Edition version 9.00 and prior versions, which stems from the lack of authentication or authorization of packets after a connection is...

7.8CVSS7.3AI score0.00138EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/16 12:0 a.m.8 views

PT-2022-4239 · Ge Digital · Proficy Machine Edition

Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.80 and prior Description: The issue is related to a Path Traversal vulnerability, also known as a ZipSlip attack, which allows attackers to implant a malicious .BLZ file on the PLC through an upload procedur...

9.4CVSS7.4AI score0.00228EPSS
Exploits0References6
ICS
ICS
added 2022/08/16 12:0 a.m.68 views

Emerson Proficy Machine Edition

1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Emerson Equipment: Proficy Machine Edition Vulnerabilities: Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of...

7.8CVSS6.9AI score0.00365EPSS
Exploits0References4
NVD
NVD
added 2021/07/30 7:15 p.m.11 views

CVE-2021-29298

Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle MITM attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll"...

5.3CVSS0.00775EPSS
Exploits0References2
OSV
OSV
added 2021/07/30 7:15 p.m.3 views

CVE-2021-29298

Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle MITM attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll"...

5.3CVSS5.7AI score0.00775EPSS
Exploits0References2
Rows per page
Query Builder