CVE-2022-29898
Last modified
CVE-2022-29898 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.. EPSS estimates a 0.57% chance of exploitation in the next 30 days.
Description
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Phoenixcontact | Rad-Ism-900-En-Bd Firmware | All versions |
| Phoenixcontact | Rad-Ism-900-En-Bd\/B Firmware | All versions |
| Phoenixcontact | Rad-Ism-900-En-Bd-Bus Firmware | All versions |
References
- https://cert.vde.com/en/advisories/VDE-2022-018/Vendor Advisory
- https://cert.vde.com/en/advisories/VDE-2022-018/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-29898?
How severe is CVE-2022-29898?
How do I fix CVE-2022-29898?
Are you affected by CVE-2022-29898?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST