CVE-2022-3737
Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.
En PHOENIX CONTACT Automationworx Software Suite hasta la versión 1.89 la memoria puede leerse más allá de lo previsto debido a una validación insuficiente de los datos de entrada. La disponibilidad, la integridad o la confidencialidad de una estación de trabajo de programación de aplicaciones podrían verse comprometidas por ataques que utilicen estas vulnerabilidades.
*Credits:
This vulnerability was discovered by Michael Heinzl
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-28 CVE Reserved
- 2022-11-15 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
- CAPEC-100: Overflow Buffers
References (1)
| URL | Tag | Source |
|---|---|---|
| https://cert.vde.com/en/advisories/VDE-2022-048 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phoenixcontact Search vendor "Phoenixcontact" | Automationworx Software Suite Search vendor "Phoenixcontact" for product "Automationworx Software Suite" | 1.89 Search vendor "Phoenixcontact" for product "Automationworx Software Suite" and version "1.89" | - |
Affected
| ||||||