| |
Vulnerability CVE-2022-2788
Published: 2022-08-19
| Description: |
Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. |
Type:
CWE-29 (Path Traversal: '\..\filename')
References: |
https://www.cisa.gov/uscert/ics/advisories/icsa-22-228-06
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
