Vulnerabilities > CVE-2022-29898 - Unspecified vulnerability in Phoenixcontact products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phoenixcontact

NVD

Published: 2022-05-11

Updated: 2024-11-21

Summary

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact RAD ISM 900 EN BD Firmware * Phoenixcontact RAD ISM 900 EN Bd/B Firmware * Phoenixcontact RAD ISM 900 EN BD BUS Firmware *	3
Hardware	Phoenixcontact Phoenixcontact RAD ISM 900 EN BD - Phoenixcontact RAD ISM 900 EN Bd/B - Phoenixcontact RAD ISM 900 EN BD BUS -	3

References

https://cert.vde.com/en/advisories/VDE-2022-018/
https://cert.vde.com/en/advisories/VDE-2022-018/