On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2022-018/ | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Information
Published : 2022-05-11 08:15
Updated : 2022-05-20 07:16
NVD link : CVE-2022-29898
Mitre link : CVE-2022-29898
JSON object : View
CWE
CWE-354
Improper Validation of Integrity Check Value
Products Affected
phoenixcontact
- rad-ism-900-en-bd_firmware
- rad-ism-900-en-bd\/b_firmware
- rad-ism-900-en-bd-bus
- rad-ism-900-en-bd-bus_firmware
- rad-ism-900-en-bd\/b
- rad-ism-900-en-bd