Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic.
| CVE ID | Severity | Description |
|---|---|---|
| CVE-2022-2792 | MEDIUM | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper … |
| CVE-2022-2791 | MEDIUM | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestric… |
| CVE-2022-2793 | MEDIUM | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing S… |
| CVE-2022-2790 | MEDIUM | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper … |
| CVE-2022-2789 | MEDIUM | Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insuffici… |