CVE-2022-22509

HIGH

Phoenix Contact FL SWITCH Series 2xxx <3.00 - Privilege Escalation

Title source: llm

Description

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00, an incorrect privilege assignment allows a low-privileged user to enable full access to the device configuration.

References (1)

Core References
Mitigation, Third Party Advisory x_refsource_confirm
https://cert.vde.com/en/advisories/VDE-2022-001/

Scores

CVSS v3 8.8
EPSS 0.0097
EPSS Percentile 57.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (50)
phoenixcontact/fl_switch_2005_firmware 3.00
phoenixcontact/fl_switch_2008_firmware 3.00
phoenixcontact/fl_switch_2008f_firmware 3.00
phoenixcontact/fl_switch_2016_firmware 3.00
phoenixcontact/fl_switch_2105_firmware 3.00
phoenixcontact/fl_switch_2108_firmware 3.00
phoenixcontact/fl_switch_2116_firmware 3.00
phoenixcontact/fl_switch_2204-2tc-2sfx_firmware 3.00
phoenixcontact/fl_switch_2205_firmware 3.00
phoenixcontact/fl_switch_2206-2fx_firmware 3.00
... and 40 more
Published Feb 02, 2022
Tracked Since Feb 18, 2026