EVENT:

North America Forum – Join us in Chicago, May 14–15, for top-tier OT security strategies, sessions and workshops.

Register Now
Skip to main content
Security Advisory

PHOENIX CONTACT’s RAD-ISM-900-EN-BD Devices

Risk Information

Limited Threat

CVE ID

CVE-2022-29898

CVE-2022-29897

Vunerability Type

RCE and Unrestricted File Upload via Configuration Uploader

RCE via Traceroute Utility

CVSS3 Score

9.1

9.1

CVSSv3 Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Affecting

  • RAD-ISM-900-EN-BD: all versions
  • RAD-ISM-900-EN-BD/B: all versions
  • RAD-ISM-900-EN-BD-BUS: all versions

    • Mitigation

    PHOENIX CONTACT states this family of products has reached End-of-Life and will not be patched.

    05/11/2022