CVE-2022-29897

Name of the Vulnerable Software and Affected Versions PHOENIX CONTACT RAD-ISM-900-EN-* devices (all versions of the firmware)

Description The issue arises from an improper input validation in the traceroute utility integrated in the WebUI, allowing an admin user to execute arbitrary code with root privileges on the OS. This can be exploited by a remote attacker.

Recommendations For all versions of the firmware, consider disabling the traceroute utility in the WebUI as a temporary workaround until a patch is available. Restrict access to the WebUI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.