Cleartext transmission of sensitive information in Emerson products - CVE-2022-30263
Published: June 7, 2024
Vulnerability identifier: #VU91265
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-30263
CWE-ID: CWE-319
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
PAC Machine Edition
PACSystem RXi
PACSystem RX3i
PACSystem RSTi-EP
PACSystem VersaMax
Fanuc VersaMax
PAC Machine Edition
PACSystem RXi
PACSystem RX3i
PACSystem RSTi-EP
PACSystem VersaMax
Fanuc VersaMax
Software vendor:
Emerson
Emerson
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. An attacker with physical access can intercept and modify an active connection to gain access to sensitive data.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.