5 results (0.002 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol. Emerson Electrics Proficy Machine Edition versiones 9.00 y anteriores, es vulnerable a CWE-353 Falta de Soporte para la Comprobación de Integridad , y no presenta autenticación o autorización de paquetes de datos después de establecer una conexión para el protocolo SRTP. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-345: Insufficient Verification of Data Authenticity CWE-353: Missing Support for Integrity Check •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic. Emerson Electrics Proficy Machine Edition versiones 9.00 y anteriores, es vulnerable a CWE-345 Verificación insuficiente de la autenticidad de los datos, y puede mostrar una lógica diferente a la compilada. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files). Emerson Electrics Proficy Machine Edition versiones 9.00 y anteriores, son vulnerables a CWE-347 Verificación Inapropiada de la Firma Criptográfica, y no verifican apropiadamente la lógica compilada (archivos PDT) y los datos de los bloques de datos (archivos BLD/BLK). • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. Emerson Electrics Proficy Machine Edition versiones 9.00 y anteriores, es vulnerable a CWE-284 Control de Acceso Inapropiado, y almacena los datos del proyecto en un directorio con listas de control de acceso inapropiadas. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-284: Improper Access Control •

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. Emerson Electrics Proficy Machine Edition versiones 9.80 y anteriores, es vulnerable a CWE-29 Salto de Ruta: '\..\Filename", también se conoce como ataque ZipSlip, mediante un procedimiento de carga que permite a atacantes implantar un archivo .BLZ malicioso en el PLC. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-29: Path Traversal: '\..\filename' •