Security Advisory

PHOENIX CONTACT’s RAD-ISM-900-EN-BD Devices

Risk Information

Limited Threat

CVE ID

CVE-2022-29898

CVE-2022-29897

Vunerability Type

RCE and Unrestricted File Upload via Configuration Uploader

RCE via Traceroute Utility

CVSS3 Score

9.1

CVSSv3 Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

RAD-ISM-900-EN-BD: all versions

RAD-ISM-900-EN-BD/B: all versions

RAD-ISM-900-EN-BD-BUS: all versions

PHOENIX CONTACT states this family of products has reached End-of-Life and will not be patched.

05/11/2022