CVE-2022-3737

{"id": "CVE-2022-3737", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2022-11-15T11:15:12.457", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-048/", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities."}, {"lang": "es", "value": "En PHOENIX CONTACT Automationworx Software Suite hasta la versi\u00f3n 1.89 la memoria puede leerse m\u00e1s all\u00e1 de lo previsto debido a una validaci\u00f3n insuficiente de los datos de entrada. La disponibilidad, la integridad o la confidencialidad de una estaci\u00f3n de trabajo de programaci\u00f3n de aplicaciones podr\u00edan verse comprometidas por ataques que utilicen estas vulnerabilidades."}], "lastModified": "2022-11-18T05:07:25.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phoenixcontact:automationworx_software_suite:1.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16C5674-97DC-477C-98D8-A93B47B625BB"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}