PT-2022-23949 · Phoenix Contact · Automationworx Software Suite

Michael Heinzl · Published 2022-11-15 · Updated 2022-11-18 · CVE-2022-3737

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

PHOENIX CONTACT Automationworx Software Suite versions up to 1.89

Description

The issue is caused by insufficient validation of input data, allowing memory to be read beyond the intended scope. This could compromise the availability, integrity, or confidentiality of an application programming workstation, making it vulnerable to attacks.

Recommendations

For PHOENIX CONTACT Automationworx Software Suite versions up to 1.89, update to a version later than 1.89 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific version.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2022-3737

Affected Products

Automationworx Software Suite