Buffer Overflow in PHOENIX CONTACT Automationworx Software Suite
CVE-2022-3461

7.8 HIGH

Key Information:

Vendor
CVE Published: 15 November 2022

Summary

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89, manipulated PC Worx or Config+ files could lead to a heap buffer overflow and a read access violation. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

Affected Version(s)

Config+ 0 <= 1.89

PC Worx 0 <= 1.89

PC Worx Express 0 <= 1.89

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This vulnerability was discovered by Michael Heinzl.