← Back

CVE-2022-29897

nvd nist
Published: May 11, 2022Modified: Nov 21, 2024

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.3 / Impact: 6.0
Source: info@cert.vde.com (Secondary)

Description

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.

Affected (3)

Phoenixcontact
3 products
Rad Ism 900 En Bd Firmware
Rad Ism 900 En Bd/b Firmware
Rad Ism 900 En Bd Bus Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rad Ism 900 En Bd Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Rad Ism 900 En Bd
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rad Ism 900 En Bd/b Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Rad Ism 900 En Bd/b
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rad Ism 900 En Bd Bus Firmware
All versions
Running on/withPlatform Versions
Phoenixcontact
Rad Ism 900 En Bd Bus
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: info@cert.vde.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.