CVE-2022-3737

HIGH

PHOENIX CONTACT Automationworx Software Suite <= 1.89 - Out-of-bounds Read

Title source: llm
STIX 2.1

Description

In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities.

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0020
EPSS Percentile 10.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-125
Status published
Products (1)
phoenixcontact/automationworx_software_suite 1.89
Published Nov 15, 2022
Tracked Since Feb 18, 2026