CVE-2022-3461

Summary

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTConfig+0 <= 1.89affected
PHOENIX CONTACTPC Worx0 <= 1.89affected
PHOENIX CONTACTPC Worx Express0 <= 1.89affected

Weaknesses

  • CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References