Sign-up

ID

VAR-202007-1490


TITLE

Proficy Machine Edition has a denial of service vulnerability (CNVD-2020-32607)

Trust: 0.6

sources: CNVD: CNVD-2020-32607

DESCRIPTION

Proficy Machine Edition is a PLC programming software developed by Emerson Trading (Shanghai) Co., Ltd. It is used to design, debug, program, and maintain GE RX 3i and GE RX7i series PLCs. It is widely used in electric power, machinery manufacturing, steel, and petroleum. , Chemical and other industrial control fields. Proficy Machine Edition has a denial of service vulnerability. Attackers can use the vulnerability to send constructed malicious data packets to cause a denial of service.

Trust: 0.6

sources: CNVD: CNVD-2020-32607

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-32607

AFFECTED PRODUCTS

vendor:emerson tradingmodel:proficy machine editionscope:eqversion:9.00

Trust: 0.6

sources: CNVD: CNVD-2020-32607

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2020-32607
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2020-32607
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2020-32607

PATCH

title:Proficy Machine Edition has a denial of service vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/220165

Trust: 0.6

sources: CNVD: CNVD-2020-32607

EXTERNAL IDS

db:CNVDid:CNVD-2020-32607

Trust: 0.6

sources: CNVD: CNVD-2020-32607

SOURCES

db:CNVDid:CNVD-2020-32607

LAST UPDATE DATE

2022-05-04T09:59:48.103000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-32607date:2020-06-16T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-32607date:2020-07-17T00:00:00