CVE-2022-22509

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 47.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

65

Phoenixcontact FL Switch 2005 Firmware Phoenixcontact FL Switch 2008 Firmware Phoenixcontact FL Switch 2008f Firmware +62 more

Timeline

PublishedFeb 2

Latest updateFeb 3

Description

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages65 packages

▶NVDphoenixcontact/fl_switch_2005_firmware3.00

▶NVDphoenixcontact/fl_switch_2008_firmware3.00

▶NVDphoenixcontact/fl_switch_2016_firmware3.00

▶NVDphoenixcontact/fl_switch_2105_firmware3.00

▶NVDphoenixcontact/fl_switch_2108_firmware3.00

🔴Vulnerability Details

2

GHSA

GHSA-rh2h-p77p-xw9h: In Phoenix Contact FL SWITCH Series 2xxx in version 3↗2022-02-03

▶

CVEList

PHOENIX CONTACT: FL SWITCH 2xxx series incorrect privilege assignment↗2022-02-02

▶

CVE-2022-22509 (HIGH CVSS 8.8) | In Phoenix Contact FL SWITCH Series | cvebase.io