CVE-2022-3461

CWE-119 — Buffer Overflow3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 80.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Config+Phoenix Contact PC Worx Phoenix Contact PC Worx Express +1 more

Timeline

PublishedNov 15

Description

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDphoenixcontact/automationworx_software_suite1.89

▶CVEListV5phoenix_contact/config+1.89

▶CVEListV5phoenix_contact/pc_worx1.89

▶CVEListV5phoenix_contact/pc_worx_express1.89

🔴Vulnerability Details

GHSA

GHSA-32wr-8j36-fgw8: In PHOENIX CONTACT Automationworx Software Suite up to version 1↗2022-11-15

▶

CVEList

Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite↗2022-11-15

▶