Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2789 PUBLISHED: 2022-08-19 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic.
CVE-2022-2790 PUBLISHED: 2022-08-19 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).
CVE-2022-2792 PUBLISHED: 2022-08-19 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.
CVE-2022-2793 PUBLISHED: 2022-08-19 Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.
CVE-2022-35554 PUBLISHED: 2022-08-19 Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side.
User Rank: Ninja
9/29/2014 | 8:13:49 AM
you can't steal what isn't there -- and thus Apple's approach is an even better step
the underlying problem remains though
we keep attacking encryption and passwords when the actual problem is AUTHENTICATION particularly of software updates.
by this time we all know: if your phone is hacked -- the hacker will likely have access to your payments mechanism -- if you have one on a "smart" phone
sometimes i wonder just how "smart" these gadgets are...