What is the vulnerability ID?

The vulnerability ID is CVE-2021-29297.

What software is affected by the vulnerability?

The vulnerability affects Emerson GE Automation Proficy Machine Edition v8.0.

What is the severity of the vulnerability?

The severity of the vulnerability is medium with a CVSS score of 5.3.

What is the Common Weakness Enumeration (CWE) of the vulnerability?

The CWEs associated with the vulnerability are CWE-119 and CWE-120.

How can an attacker exploit this vulnerability?

An attacker can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack and sending crafted traffic to the 'FrameworX.exe' component in the 'MSVCR100.dll' module.

What is the impact of this vulnerability?

The vulnerability can cause a denial of service and application crash.

What is the recommended solution for this vulnerability?

It is recommended to apply the latest patches and updates provided by Emerson to mitigate this vulnerability.

Are there any references for this vulnerability?

Yes, you can find more information about this vulnerability at the following references: [Link 1](https://github.com/boofish/GE_Proficy_Machine_Edition_vul), [Link 2](https://github.com/boofish/GE_Proficy_Machine_Edition_vul/blob/main/vul1/vul1_steps.pdf).

Vulnerability/
CVE-2021-29297

medium

5.3

CWE

120 119

30/7/2021

3/8/2024

CVE-2021-29297: Buffer Overflow

First published: Fri Jul 30 2021(Updated: )

Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component "FrameworX.exe" in the module "MSVCR100.dll".

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Emerson Proficy Machine Edition	=8.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2021-29297.
What is the title of the vulnerability?
The title of the vulnerability is 'Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a ...'
What is the description of the vulnerability?
The vulnerability is a buffer overflow in Emerson GE Automation Proficy Machine Edition v8.0, which allows an attacker to cause a denial of service and application crash via crafted traffic from a Man-in-the-Middle (MITM) attack to the component 'FrameworX.exe' in the module 'MSVCR100.dll'.
What software is affected by the vulnerability?
The vulnerability affects Emerson GE Automation Proficy Machine Edition v8.0.
What is the severity of the vulnerability?
The severity of the vulnerability is medium with a CVSS score of 5.3.
What is the Common Weakness Enumeration (CWE) of the vulnerability?
The CWEs associated with the vulnerability are CWE-119 and CWE-120.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by performing a Man-in-the-Middle (MITM) attack and sending crafted traffic to the 'FrameworX.exe' component in the 'MSVCR100.dll' module.
What is the impact of this vulnerability?
The vulnerability can cause a denial of service and application crash.
What is the recommended solution for this vulnerability?
It is recommended to apply the latest patches and updates provided by Emerson to mitigate this vulnerability.
Are there any references for this vulnerability?
Yes, you can find more information about this vulnerability at the following references: [Link 1](https://github.com/boofish/GE_Proficy_Machine_Edition_vul), [Link 2](https://github.com/boofish/GE_Proficy_Machine_Edition_vul/blob/main/vul1/vul1_steps.pdf).

collector/nvd-index
agent/weakness
agent/type
agent/description
agent/severity
agent/references
agent/author
agent/event
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/emerson
canonical/emerson proficy machine edition
version/emerson proficy machine edition/8.0