Sign-up

ID

VAR-202007-1473


TITLE

Proficy Machine Edition has a denial of service vulnerability (CNVD-2020-32606)

Trust: 0.6

sources: CNVD: CNVD-2020-32606

DESCRIPTION

Proficy Machine Edition is a PLC programming software developed by Emerson Trading (Shanghai) Co., Ltd. It is used to design, debug, program, and maintain GE RX 3i and GE RX7i series PLCs. It is widely used in electric power, machinery manufacturing, steel, and petroleum. , Chemical and other industrial control fields. Proficy Machine Edition has a denial of service vulnerability. Attackers can use the vulnerability to send constructed malicious data packets to cause a denial of service.

Trust: 0.6

sources: CNVD: CNVD-2020-32606

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-32606

AFFECTED PRODUCTS

vendor:emerson tradingmodel:proficy machine editionscope:eqversion:9.00

Trust: 0.6

sources: CNVD: CNVD-2020-32606

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-32606
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2020-32606
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-32606

PATCH

title:Proficy Machine Edition has a denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/220335

Trust: 0.6

sources: CNVD: CNVD-2020-32606

EXTERNAL IDS

db:CNVDid:CNVD-2020-32606

Trust: 0.6

sources: CNVD: CNVD-2020-32606

SOURCES

db:CNVDid:CNVD-2020-32606

LAST UPDATE DATE

2022-05-04T10:25:42.464000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-32606date:2020-06-16T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-32606date:2020-07-17T00:00:00