Out-of-Bounds Write Vulnerability in CX-Programmer by Siemens
CVE-2022-21124

7.8HIGH

Key Information:

Vendor
CVE Published:
10 March 2022

What is CVE-2022-21124?

An out-of-bounds write vulnerability exists in CX-Programmer versions 9.76.1 and earlier, part of the CX-One v4.60 suite. This flaw can be exploited by attackers who convince a user to open a specially crafted CXP file, potentially leading to information disclosure or allowing arbitrary code execution. The implications of this vulnerability necessitate immediate attention to secure the affected versions from possible exploitation.

Affected Version(s)

CX-Programmer CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.