CVE-2022-2790 MEDIUM

CVE-2022-2790

Vendor Emerson Electric
Product Proficy Machine Edition
Weakness CWE-347
Published August 19, 2022
Last update April 16, 2025

CVSS base score

5.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

What the vulnerability does

01Description

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).

Key dates

02Disclosure timeline

August 19, 2022 CVE published
April 16, 2025 Record updated

Related vulnerabilities

04Related CVE