CVE-2022-2793
 
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.
Emerson Electrics Proficy Machine Edition versiones 9.00 y anteriores, es vulnerable a CWE-353 Falta de Soporte para la Comprobación de Integridad , y no presenta autenticación o autorización de paquetes de datos después de establecer una conexión para el protocolo SRTP.
*Credits:
Sharon Brizinov of Claroty reported this vulnerability to Emerson and CISA
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-11 CVE Reserved
- 2022-08-19 CVE Published
- 2024-03-11 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-353: Missing Support for Integrity Check
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Emerson Search vendor "Emerson" | Electric\'s Proficy Search vendor "Emerson" for product "Electric\'s Proficy" | <= 9.0.0 Search vendor "Emerson" for product "Electric\'s Proficy" and version " <= 9.0.0" | machine |
Affected
|