← back
CVE-2022-3737

Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite

CVSS 7.8 HIGHEPSS 0.2%CWE-125
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Nov 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
PHOENIX CONTACT · Config+PHOENIX CONTACT · PC WorxPHOENIX CONTACT · PC Worx Express

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cert.vde.com/en/advisories/VDE-2022-048/