CVE-2022-50930

HIGH8.5

Emerson PAC Machine Edition 9.80 Build 8695 - 'TrapiServer' Unquoted Service Path

Published Jan 13, 2026

Modified Yesterday

No fix available

Details

Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.

References

ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2022-50930 WEBhttps://www.emerson.com/en-us DETECTIONhttps://www.exploit-db.com/exploits/50745 WEBhttps://www.opertek.com/descargar-software/?prc=_326 ADVISORYhttps://www.vulncheck.com/advisories/emerson-pac-machine-edition-build-trapiserver-unquoted-service-path

CVSS Analysis

CVSS v3.1

8.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

8.4/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Other

CWE-428

Ecosystems

Timeline

PublishedJan 13, 2026

ModifiedJan 13, 2026