CVE-2022-3737

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.8HIGH

EPSS

0.1%

top 81.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phoenix Contact Config+Phoenix Contact PC Worx Phoenix Contact PC Worx Express +1 more

Timeline

PublishedNov 15

Description

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDphoenixcontact/automationworx_software_suite1.89

▶CVEListV5phoenix_contact/config+1.89

▶CVEListV5phoenix_contact/pc_worx1.89

▶CVEListV5phoenix_contact/pc_worx_express1.89

🔴Vulnerability Details

CVEList

Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite↗2022-11-15

▶

GHSA

GHSA-r2cg-cw4r-gcx4: In PHOENIX CONTACT Automationworx Software Suite up to version 1↗2022-11-15

▶