PT-2022-18697 · Emerson Electric · Proficy Machine Edition

Sharon Brizinov · Published 2022-08-19 · Updated 2022-08-24 · CVE-2022-2793

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Emerson Electric's Proficy Machine Edition versions 9.00 and prior

Description: The issue concerns a lack of integrity check support, allowing for potential data manipulation. Specifically, after establishing a connection using the SRTP protocol, there is no authentication or authorization of data packets.

Recommendations: For versions 9.00 and prior, consider implementing additional integrity check mechanisms to ensure the authenticity of data packets after a connection is established. As a temporary workaround, restrict access to the SRTP protocol to minimize the risk of exploitation.

Fix

Insufficient Verification of Data Authenticity

Weakness Enumeration

Related Identifiers

CVE-2022-2793

Affected Products

Proficy Machine Edition