CVE-2022-22509

high-risk

Published 2022-02-02

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.

Do I need to act?

-

0.29% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

8

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Fl Switch 2005 Firmware

Fl Switch 2008 Firmware

Fl Switch 2008F Firmware

Fl Switch 2016 Firmware

Fl Switch 2105 Firmware

Fl Switch 2108 Firmware

Fl Switch 2116 Firmware

Fl Switch 2204-2Tc-2Sfx Firmware

Fl Switch 2206-2Fx Firmware

Fl Switch 2206-2Fx Sm Firmware

Fl Switch 2206-2Fx Sm St Firmware

Fl Switch 2206-2Fx St Firmware

Fl Switch 2206-2Sfx Firmware

Fl Switch 2206-2Sfx Pn Firmware

Fl Switch 2206C-2Fx Firmware

Fl Switch 2207-Fx Firmware

Fl Switch 2207-Fx Sm Firmware

Fl Switch 2208 Firmware

Fl Switch 2208C Firmware

Fl Switch 2208 Pn Firmware

Affected Vendors

Phoenixcontact

References (2)

Mitigation https://cert.vde.com/en/advisories/VDE-2022-001/

Mitigation https://cert.vde.com/en/advisories/VDE-2022-001/

58

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 27/34 · High