Proficy Machine Edition Version 9.80 and priorģ.2 VULNERABILITY OVERVIEW 3.2.1 MISSING SUPPORT FOR INTEGRITY CHECK CWE-353.The following versions of Proficy Machine Edition, an engineering workstation that is part of the PACSystems control system software platform, are affected: Successful exploitation of these vulnerabilities could allow for remote hidden code execution on the connected programmable logic controller (PLC) and for malicious files to be uploaded from the PLC to connected workstations. Vulnerabilities: Missing Support for Integrity Check, Improper Access Control, Unrestricted Upload of File with Dangerous Type, Improper Verification of Cryptographic Signature, Insufficient Verification of Data Authenticity, Path Traversal: ‘\.\filename’.ATTENTION: Exploitable remotely/Low attack complexity.
0 Comments
Leave a Reply. |