CVE-2022-3461

Published: Nov 15, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: info@cert.vde.com (Secondary)

Description

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

Affected (1)

Products: Phoenixcontact: Automationworx Software Suite

1 product

Automationworx Software Suite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phoenixcontact Automationworx Software Suite	Version 1.89

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://cert.vde.com/en/advisories/VDE-2022-048/

Source: info@cert.vde.com

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2022-048/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.