Main Vulnerability Database Vulnerabilities #VU91271

Insufficient verification of data authenticity in Emerson products - CVE-2022-30268

Published: June 7, 2024

Vulnerability identifier: #VU91271

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-30268

CWE-ID: CWE-345

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
PACSystem RXi
PACSystem RX3i
PACSystem RSTi-EP
Fanuc VersaMax

Software vendor:
Emerson

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to insufficient verification of data authenticity in the Winloader utility. An authenticated attacker can push malicious firmware images to the controller and execute arbitrary code on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.cisa.gov/news-events/ics-advisories/icsa-24-158-01

Insufficient verification of data authenticity in Emerson products - CVE-2022-30268

Description

Remediation

External links

Please verify you're human