CVE-2022-31801

Summary

An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTMULTIPROGAll Versionsaffected
PHOENIX CONTACTProConOSAll Versionsaffected
PHOENIX CONTACTProConOS eCLRAll Versionsaffected

Weaknesses

  • CWE-345: CWE-345 Insufficient Verification of Data Authenticity

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References