Emerson Electric's Proficy Machine Edition Version 9.80 and prior: Path Traversal Vulnerability Enables Malicious Code Execution

CVE-2022-2788 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 (Path Traversal: '\..\Filename'), also known as a Zip Slip attack, through an upload procedure that enables an attacker to implant a malicious .BLZ file on the PLC. The file can then transfer through the engineering station onto Windows in a way that executes the malicious code.
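The class of check that stops a '\..\Filename' entry from leaving its extraction directory, shown as an added example (not Emerson's code and not part of the advisory): each archive entry name is resolved under Windows path rules and the archive is rejected if any entry lands outside the destination. Assumptions: the page does not describe the .BLZ layout, so a constructed in-memory ZIP stands in for it, and `DEST_ROOT`, `is_safe_member`, `unsafe_members` and `build_sample` are hypothetical names.

```python
import io
import ntpath
import zipfile

# Hypothetical extraction directory on the engineering station (assumption).
DEST_ROOT = r"C:\ProjectImport"


def is_safe_member(name: str, dest_root: str = DEST_ROOT) -> bool:
    """True only if `name` stays inside dest_root under Windows path rules."""
    # Absolute paths, drive-relative paths (C:foo) and UNC paths never qualify.
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith(("/", "\\")):
        return False
    root = ntpath.normpath(dest_root)
    # ntpath.normpath treats both '/' and '\' as separators and collapses '..'.
    target = ntpath.normpath(ntpath.join(root, name))
    return target.startswith(root + "\\")


def unsafe_members(archive_bytes: bytes) -> list:
    """Return the entry names that would be written outside DEST_ROOT."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [n for n in zf.namelist() if not is_safe_member(n)]


def build_sample() -> bytes:
    """Constructed test archive: two contained entries, two escaping entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("logic/main.txt", r"sub\..\notes.txt",
                     r"..\..\outside.txt", "../outside2.txt"):
            zf.writestr(zipfile.ZipInfo(name), b"sample")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in unsafe_members(build_sample()):
        print("rejecting archive, entry escapes destination:", entry)
```

The check uses `ntpath` rather than `os.path` so that backslash-separated names are evaluated the way Windows would resolve them, even when the audit runs on a non-Windows host.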
