PT-2021-7809 · Emerson · Emerson GE Automation Proficy Machine Edition

Published: 2021-07-30 · Updated: 2021-08-09 · CVE-2021-29298

CVSS v2.0: 5.4 (Medium)

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Emerson GE Automation Proficy Machine Edition version 8.0
Description: The issue is improper input validation in the "fxVPStatcTcp.dll" module of the "FrameworX.exe" component. A remote attacker can exploit it through a Man-in-the-Middle (MITM) attack using crafted traffic, potentially causing the application to crash and resulting in a denial of service.
Recommendations: For Emerson GE Automation Proficy Machine Edition version 8.0, consider disabling the "FrameworX.exe" component or restricting access to the "fxVPStatcTcp.dll" module as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

BDU:2023-03015
CVE-2021-29298

Affected Products

Emerson GE Automation Proficy Machine Edition