# CVE-2022-28944
> EMCO Software Multiple Products Unauthenticated Update Remote Code Execution Vulnerability.

Usage: `python3`

Details in the report at [](

## Steps to reproduce
1. Install an affected product of EMCO Software;
2. Set spoof `` to our attacker ip;
    * For a proof-of-concept edit `c:\windows\system32\drivers\etc\hosts` on target.
        - Note: attackers may e.g. use:
            + poorly configured routers/switches/DNS,
            + DNS spoof / cache poisoning,
            + ARP spoof / cache poisoning.
3. Compile `proof.c` on the attacker, e.g. using `i686-w64-mingw32-gcc proof.c -o proof.exe`;
#include <windows.h>
int main(int argc, char const *argv[]){	
	return TRUE;
4. Generate self-signed certificates;
   * e.g. using `openssl req -new -x509 -keyout -out -days 365 -nodes -subj "/"`
5. Run the proof-of-concept script;
6. Start the affected product of EMCO Software and either
    * wait a day to trigger update automatically, or
    * trigger the update manually through the application menu;
7. Accept the update in the Update Wizard.
    * Attackers will use a persuasive update description to convince a target to accept the update.