PT-2022-18691 · Emerson Electric · Proficy Machine Edition
Sharon Brizinov
·
Published
2022-08-19
·
Updated
2023-06-28
·
CVE-2022-2792
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Emerson Electric's Proficy Machine Edition versions 9.00 and prior
Description
The issue concerns improper access control, where project data is stored in a directory with improper access control lists, potentially allowing unauthorized access.
Recommendations
For versions 9.00 and prior, consider restricting access to the project data directory until a fix is available. As a temporary workaround, review and adjust the access control lists for the directory to ensure proper access control.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Proficy Machine Edition