Proficy Historian Security Vulnerabilities - 2023

CVE-2022-38469

An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords.

CVE-2022-43494

An unauthorized user could be able to read any file on the system, potentially exposing sensitive information.

CVE-2022-46331

An unauthorized user could possibly delete any file on the system.

CVE-2022-46660

An unauthorized user could alter or write files with full control over the path and content of the file.

CVE-2022-46732

Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.