{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-3737", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "requesterUserId": "267706bf-c75a-4dca-aafe-11e4a82952d7", "dateReserved": "2022-10-28T07:16:41.383Z", "datePublished": "2022-11-15T10:59:00.713Z", "dateUpdated": "2024-08-03T01:20:57.710Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Config+", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "1.89", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PC Worx", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "1.89", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "PC Worx Express", "vendor": "PHOENIX CONTACT", "versions": [{"lessThanOrEqual": "1.89", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "This vulnerability was discovered by Michael Heinzl"}], "datePublic": "2022-11-08T08:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."}], "value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2022-11-15T10:59:00.713Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-048/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to Automation Worx Software Suite > 1.89"}], "value": "Upgrade to Automation Worx Software Suite > 1.89"}], "source": {"advisory": "VDE-2022-048", "defect": ["CERT@VDE64164"], "discovery": "EXTERNAL"}, "title": "Out-of-bounds Read in PHOENIX CONTACT Automationworx Software Suite", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:20:57.710Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-048/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phoenixcontact:automationworx_software_suite:1.89:*:*:*:*:*:*:*", "matchCriteriaId": "D16C5674-97DC-477C-98D8-A93B47B625BB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."}, {"lang": "es", "value": "En PHOENIX CONTACT Automationworx Software Suite hasta la versi\u00f3n 1.89 la memoria puede leerse m\u00e1s all\u00e1 de lo previsto debido a una validaci\u00f3n insuficiente de los datos de entrada. La disponibilidad, la integridad o la confidencialidad de una estaci\u00f3n de trabajo de programaci\u00f3n de aplicaciones podr\u00edan verse comprometidas por ataques que utilicen estas vulnerabilidades."}], "id": "CVE-2022-3737", "lastModified": "2022-11-18T05:07:25.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2022-11-15T11:15:12.457", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-048/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{}