PT-2022-18676 · Emerson Electric · Proficy Machine Edition
Sharon Brizinov
·
Published
2022-08-19
·
Updated
2022-08-24
·
CVE-2022-2790
CVSS v3.1
5.9
Medium
| Vector | AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Emerson Electric's Proficy Machine Edition versions 9.00 and prior
Description
The issue arises from improper verification of cryptographic signatures, leading to a failure in properly verifying compiled logic (PDT files) and data blocks data (BLD/BLK files).
Recommendations
For versions 9.00 and prior, update to a version that properly verifies cryptographic signatures to ensure the integrity of compiled logic and data blocks.
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Proficy Machine Edition