CVE-2021-29298 Information

Description

Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component \FrameworX.exe\in the module xVPStatcTcp.dll.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Reference

https://github.com/boofish/GE_Proficy_Machine_Edition_vul https://github.com/boofish/GE_Proficy_Machine_Edition_vul/blob/main/vul2/vul2_steps.pdf

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

5.3