CVE-2022-29898

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT RAD-ISM-900-EN-* devices (all versions of the firmware)

Description The issue arises from an improper validation of an integrity check value in the configuration file uploader of the WebUI, allowing an admin user to execute arbitrary code with root privileges on the OS. This can be exploited by a remote attacker.

Recommendations For all versions of the firmware, consider disabling the configuration file uploader in the WebUI as a temporary workaround until a patch is available. Restrict access to the WebUI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.