CVE-2022-2793

Summary

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.

Affected Software

VendorProductVersion RangeStatus
Emerson ElectricProficy Machine Editionall <= 9.00affected

Weaknesses

  • CWE-353: CWE-353 Missing Support for Integrity Check

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References