Description
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://cert.vde.com/en/advisories/VDE-2022-018/
Scores
CVSS v3
9.1
EPSS
0.0057
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-354
Status
published
Products (3)
phoenixcontact/rad-ism-900-en-bd-bus_firmware
phoenixcontact/rad-ism-900-en-bd\/b_firmware
phoenixcontact/rad-ism-900-en-bd_firmware
Published
May 11, 2022
Tracked Since
Feb 18, 2026