Description
An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.
Published: 2026-03-03
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper boundary check in the driver of Portwell Engineering Toolkits version 4.8.2 allows a local authenticated user to read and write arbitrary memory. By exploiting this flaw an attacker can modify critical kernel data structures, leading to privilege escalation. The vulnerability is a classic buffer overflow (CWE‑119) and does not require remote access. Successful exploitation could also trigger a denial‑of‑service condition.

Affected Systems

Portwell Engineering Toolkits version 4.8.2 is the only affected release. The vulnerability is tied to the Portwell Engineering Toolkits driver and is present in any installation running this specific version. No other version or vendor is listed as impacted.

Risk and Exploitability

The CVSS score of 9.3 indicates high severity. With an EPSS below 1% and no listing in the CISA KEV catalog, observed exploitation remains low. The vulnerability requires a locally authenticated attacker with access to the Portwell Engineering Toolkit driver; under those conditions the risk is significant but limited to local environments. Successful exploitation can lead to privilege escalation or denial of service, potentially compromising the entire system.

Generated by OpenCVE AI on June 25, 2026 at 16:28 UTC.

Remediation

Vendor Solution

Remediation Status:    - Affected: Portwell Engineering Toolkits Version 4.8.2 and earlier    - Fixed Version: Portwell Engineering Toolkits version [v5.0.0]


OpenCVE Recommended Actions

  • Upgrade to a patched or newer version of Portwell Engineering Toolkits that resolves the driver overflow.
  • Apply least‑privilege permissions to local users and services that load the affected driver.
  • Monitor system logs for abnormal memory or driver activity and enforce driver signing or integrity checks.

Generated by OpenCVE AI on June 25, 2026 at 16:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition. An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Thu, 05 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Portwell engineering Toolkits
CPEs cpe:2.3:a:portwell:engineering_toolkits:4.8.2:*:*:*:*:*:*:*
Vendors & Products Portwell engineering Toolkits
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Wed, 04 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Portwell
Portwell portwell Engineering Toolkits
Vendors & Products Portwell
Portwell portwell Engineering Toolkits

Tue, 03 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Mar 2026 18:00:00 +0000

Type Values Removed Values Added
Description An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.
Title Improper Restriction of Operations within the Bounds of a Memory Buffer in Portwell Engineering Toolkits
Weaknesses CWE-119
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


Subscriptions

Portwell Engineering Toolkits Portwell Engineering Toolkits
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-06-25T14:49:33.196Z

Reserved: 2026-03-02T13:08:19.404Z

Link: CVE-2026-3437

cve-icon Vulnrichment

Updated: 2026-03-03T19:02:18.205Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T18:16:25.953

Modified: 2026-06-17T10:43:35.330

Link: CVE-2026-3437

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T16:30:15Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer