CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-2791

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-434 Unrestricted Upload of File with Dangerous Type, and will upload any file written into the PLC logic folder to the connected PLC.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.6%

CVSS Severity

CVSS v3 Score 5.9

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06

Products affected by CVE-2022-2791

Emerson » Proficy » Version: Any

cpe:2.3:a:emerson:proficy:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2791

Products

Pricing

Contact Us