Use After Free Vulnerability in CX-Programmer by Yokogawa
CVE-2022-25230

7.8HIGH

Key Information:

Vendor
CVE Published:
7 March 2022

What is CVE-2022-25230?

A use after free vulnerability has been identified in CX-Programmer up to version 9.76.1, which is part of the CX-One suite version 4.60. This vulnerability allows an attacker to exploit the software by tricking a user into opening a specially crafted CXP file. Successful exploitation can lead to information disclosure and potential arbitrary code execution, posing significant security risks for users.

Affected Version(s)

CX-Programmer CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.