Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT
CVE-2022-29898

9.1CRITICAL

Key Information:

Vendor
Phoenix Contact
Status
Rad-ism-900-en-bd/b
Rad-ism-900-en-bd
Rad-ism-900-en-bd-bus
Vendor
CVE Published:
11 May 2022

Summary

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.

Affected Version(s)

RAD-ISM-900-EN-BD All Versions

RAD-ISM-900-EN-BD-BUS All Versions

RAD-ISM-900-EN-BD/B All Versions

References

https://cert.vde.com/en/advisories/VDE-2022-018/
x_refsource_CONFIRM

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

The vulnerabilities were discovered and reported by Logan Carpenter of DRAGOS.
.
CVE-2022-29898 : Remote Code Execution in all versions of various RAD-ISM-900-EN-* devices by PHOENIX CONTACT | SecurityVulnerability.io