CVE-2022-22509 — HIGH (8.8)

Vulnerability Description

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Phoenixcontact	Fl Switch 2005 Firmware	3.00
Phoenixcontact	Fl Switch 2005	-
Phoenixcontact	Fl Switch 2008 Firmware	3.00
Phoenixcontact	Fl Switch 2008	-
Phoenixcontact	Fl Switch 2008F Firmware	3.00
Phoenixcontact	Fl Switch 2008F	-
Phoenixcontact	Fl Switch 2016 Firmware	3.00
Phoenixcontact	Fl Switch 2016	-
Phoenixcontact	Fl Switch 2105 Firmware	3.00
Phoenixcontact	Fl Switch 2105	-
Phoenixcontact	Fl Switch 2108 Firmware	3.00
Phoenixcontact	Fl Switch 2108	-
Phoenixcontact	Fl Switch 2116 Firmware	3.00
Phoenixcontact	Fl Switch 2116	-
Phoenixcontact	Fl Switch 2204-2Tc-2Sfx Firmware	3.00
Phoenixcontact	Fl Switch 2204-2Tc-2Sfx	-
Phoenixcontact	Fl Switch 2206-2Fx Firmware	3.00
Phoenixcontact	Fl Switch 2206-2Fx	-
Phoenixcontact	Fl Switch 2206-2Fx Sm Firmware	3.00
Phoenixcontact	Fl Switch 2206-2Fx Sm	-

Related Weaknesses (CWE)

CWE-269

References

https://cert.vde.com/en/advisories/VDE-2022-001/MitigationThird Party Advisory
https://cert.vde.com/en/advisories/VDE-2022-001/MitigationThird Party Advisory

FAQ

What is CVE-2022-22509?

CVE-2022-22509 is a vulnerability with a CVSS score of 8.8 (HIGH). In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.

How severe is CVE-2022-22509?

CVE-2022-22509 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-22509?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Fl Switch 2005 Firmware, Phoenixcontact Fl Switch 2005, Phoenixcontact Fl Switch 2008 Firmware, Phoenixcontact Fl Switch 2008, Phoenixcontact Fl Switch 2008F Firmware.