CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29897

On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.7%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 9.0

References

Products affected by CVE-2022-29897

Phoenixcontact » Rad-Ism-900-En-Bd-Bus » Version: N/A

cpe:2.3:h:phoenixcontact:rad-ism-900-en-bd-bus:-
Phoenixcontact » Rad-Ism-900-En-Bd/b » Version: N/A

cpe:2.3:h:phoenixcontact:rad-ism-900-en-bd/b:-
Phoenixcontact » Rad-Ism-900-En-Bd » Version: N/A

cpe:2.3:h:phoenixcontact:rad-ism-900-en-bd:-
Phoenixcontact » Rad-Ism-900-En-Bd-Bus Firmware » Version: N/A

cpe:2.3:o:phoenixcontact:rad-ism-900-en-bd-bus_firmware:-
Phoenixcontact » Rad-Ism-900-En-Bd/b Firmware » Version: N/A

cpe:2.3:o:phoenixcontact:rad-ism-900-en-bd/b_firmware:-
Phoenixcontact » Rad-Ism-900-En-Bd Firmware » Version: N/A

cpe:2.3:o:phoenixcontact:rad-ism-900-en-bd_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-29897

Products

Pricing

Contact Us