CVE-2022-3737

Summary

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTConfig+0 <= 1.89affected
PHOENIX CONTACTPC Worx0 <= 1.89affected
PHOENIX CONTACTPC Worx Express0 <= 1.89affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References