VYPR

Proficy Machine Edition

by Emerson

CVEs (9)

  • CVE-2019-16353HigSep 16, 2019
    risk 0.49cvss 7.5epss 0.01

    Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device.

  • CVE-2022-2792MedAug 19, 2022
    risk 0.43cvss 6.6epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.

  • CVE-2022-2791MedNov 22, 2022
    risk 0.38cvss 5.9epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.

  • CVE-2022-2793MedAug 19, 2022
    risk 0.38cvss 5.9epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.

  • CVE-2022-2790MedAug 19, 2022
    risk 0.38cvss 5.9epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).

  • CVE-2021-29298MedJul 30, 2021
    risk 0.35cvss 5.3epss 0.01

    Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe"in the module "fxVPStatcTcp.dll".

  • CVE-2021-29297MedJul 30, 2021
    risk 0.35cvss 5.3epss 0.01

    Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".

  • CVE-2022-2789MedAug 19, 2022
    risk 0.31cvss 4.7epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic.

  • CVE-2022-2788LowAug 19, 2022
    risk 0.25cvss 3.9epss 0.00

    Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer…