CVE-2022-30260
https://notcve.org/view.php?id=CVE-2022-30260
Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards. Emerson DeltaV Distributed Control System (DCS) tiene una verificación insuficiente de la integridad del firmware (un método de suma de verificación inadecuado y sin firma). Esto afecta a las versiones anteriores a la 14.3 de las tarjetas DeltaV serie M, DeltaV serie S, DeltaV serie P, DeltaV SIS y DeltaV CIOC/EIOC/WIOC IO. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-181-03 https://www.forescout.com/blog • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-2791
https://notcve.org/view.php?id=CVE-2022-2791
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC. Emerson Electric's Proficy Machine Edition Versión versión 9.00 y anteriores, es vulnerable a la carga sin restricciones CWE-434 de archivos con tipo peligroso y cargará cualquier archivo escrito en la carpeta lógica del PLC al PLC conectado. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-2793
https://notcve.org/view.php?id=CVE-2022-2793
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol. Emerson Electrics Proficy Machine Edition versiones 9.00 y anteriores, es vulnerable a CWE-353 Falta de Soporte para la Comprobación de Integridad , y no presenta autenticación o autorización de paquetes de datos después de establecer una conexión para el protocolo SRTP. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-345: Insufficient Verification of Data Authenticity CWE-353: Missing Support for Integrity Check •
CVE-2022-2789
https://notcve.org/view.php?id=CVE-2022-2789
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic. Emerson Electrics Proficy Machine Edition versiones 9.00 y anteriores, es vulnerable a CWE-345 Verificación insuficiente de la autenticidad de los datos, y puede mostrar una lógica diferente a la compilada. • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-2790
https://notcve.org/view.php?id=CVE-2022-2790
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files). Emerson Electrics Proficy Machine Edition versiones 9.00 y anteriores, son vulnerables a CWE-347 Verificación Inapropiada de la Firma Criptográfica, y no verifican apropiadamente la lógica compilada (archivos PDT) y los datos de los bloques de datos (archivos BLD/BLK). • https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 • CWE-347: Improper Verification of Cryptographic Signature •