CVE-2021-29297 Information

Description

Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component \FrameworX.exe\ in the module \MSVCR100.dll.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

https://github.com/boofish/GE_Proficy_Machine_Edition_vul https://github.com/boofish/GE_Proficy_Machine_Edition_vul/blob/main/vul1/vul1_steps.pdf

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.3