CVE-2022-2791

Name of the Vulnerable Software and Affected Versions Proficy Machine Edition versions 9.00 and prior

Description The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability is exploited by uploading any file written into the PLC logic folder to the connected PLC.

Recommendations For Proficy Machine Edition versions 9.00 and prior, consider restricting access to the PLC logic folder to prevent unauthorized file uploads until a patch is available. As a temporary workaround, avoid writing files into the PLC logic folder that could be potentially executed by the connected PLC. At the moment, there is no information about a newer version that contains a fix for this vulnerability.