CVE-2022-25234

Name of the Vulnerable Software and Affected Versions CX-Programmer versions 9.76.1 and earlier

Description The issue is related to an out-of-bounds write vulnerability that allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is associated with a buffer overflow in memory, which can be exploited to reveal protected information or execute arbitrary code using specially formed files.

Recommendations For CX-Programmer versions 9.76.1 and earlier, update to a version later than 9.76.1 to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted CXP files until a patch is available. Restrict access to the CX-Programmer environment to minimize the risk of exploitation.