CVE-2021-29297

low-risk
Published 2021-07-30

Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".

Do I need to act?

-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Proficy Machine Edition

Affected Vendors

Emerson

References (4)

Broken Link https://github.com/boofish/GE_Proficy_Machine_Edition_vul
Broken Link https://github.com/boofish/GE_Proficy_Machine_Edition_vul/blob/main/vul1/vul1_st...
Broken Link https://github.com/boofish/GE_Proficy_Machine_Edition_vul
Broken Link https://github.com/boofish/GE_Proficy_Machine_Edition_vul/blob/main/vul1/vul1_st...
23
/ 100
low-risk
Severity 17/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal