CVE-2022-2788
CVE-2022-2788
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Produtos afetados
Emerson Electric · Proficy Machine EditionQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →