CVE-2022-22509

Home/CVE/In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user

CVE

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.

HIGH · CVSS 8.8 EPSS 0.00285

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-269Improper Privilege Management

▤

Affected Products & Versions

phoenixcontact fl switch 2005 firmwareall versions
phoenixcontact fl switch 2008 firmwareall versions
phoenixcontact fl switch 2008f firmwareall versions
phoenixcontact fl switch 2016 firmwareall versions
phoenixcontact fl switch 2105 firmwareall versions
phoenixcontact fl switch 2108 firmwareall versions
phoenixcontact fl switch 2116 firmwareall versions
phoenixcontact fl switch 2204-2tc-2sfx firmwareall versions
Show all 60 affected productsphoenixcontact fl switch 2206-2fx firmwareall versions
phoenixcontact fl switch 2206-2fx sm firmwareall versions
phoenixcontact fl switch 2206-2fx sm st firmwareall versions
phoenixcontact fl switch 2206-2fx st firmwareall versions
phoenixcontact fl switch 2206-2sfx firmwareall versions
phoenixcontact fl switch 2206-2sfx pn firmwareall versions
phoenixcontact fl switch 2206c-2fx firmwareall versions
phoenixcontact fl switch 2207-fx firmwareall versions
phoenixcontact fl switch 2207-fx sm firmwareall versions
phoenixcontact fl switch 2208 firmwareall versions
phoenixcontact fl switch 2208c firmwareall versions
phoenixcontact fl switch 2208 pn firmwareall versions
phoenixcontact fl switch 2212-2tc-2sfx firmwareall versions
phoenixcontact fl switch 2214-2fx firmwareall versions
phoenixcontact fl switch 2214-2fx sm firmwareall versions
phoenixcontact fl switch 2214-2sfx firmwareall versions
phoenixcontact fl switch 2214-2sfx pn firmwareall versions
phoenixcontact fl switch 2216 firmwareall versions
phoenixcontact fl switch 2216 pn firmwareall versions
phoenixcontact fl switch 2304-2gc-2sfp firmwareall versions
phoenixcontact fl switch 2306-2sfp firmwareall versions
phoenixcontact fl switch 2306-2sfp pn firmwareall versions
phoenixcontact fl switch 2308 firmwareall versions
phoenixcontact fl switch 2308 pn firmwareall versions
phoenixcontact fl switch 2312-2gc-2sfp firmwareall versions
phoenixcontact fl switch 2314-2sfp firmwareall versions
phoenixcontact fl switch 2314-2sfp pn firmwareall versions
phoenixcontact fl switch 2316 firmwareall versions
phoenixcontact fl switch 2316\/k1 firmwareall versions
phoenixcontact fl switch 2316 pn firmwareall versions
phoenixcontact fl switch 2404-2tc-2sfx firmwareall versions
phoenixcontact fl switch 2406-2sfx firmwareall versions
phoenixcontact fl switch 2406-2sfx pn firmwareall versions
phoenixcontact fl switch 2408 firmwareall versions
phoenixcontact fl switch 2408 pn firmwareall versions
phoenixcontact fl switch 2412-2tc-2sfx firmwareall versions
phoenixcontact fl switch 2414-2sfx firmwareall versions
phoenixcontact fl switch 2414-2sfx pn firmwareall versions
phoenixcontact fl switch 2416 firmwareall versions
phoenixcontact fl switch 2416 pn firmwareall versions
phoenixcontact fl switch 2504-2gc-2sfp firmwareall versions
phoenixcontact fl switch 2506-2sfp firmwareall versions
phoenixcontact fl switch 2506-2sfp\/k1 firmwareall versions
phoenixcontact fl switch 2506-2sfp pn firmwareall versions
phoenixcontact fl switch 2508 firmwareall versions
phoenixcontact fl switch 2508\/k1 firmwareall versions
phoenixcontact fl switch 2508 pn firmwareall versions
phoenixcontact fl switch 2512-2gc-2sfp firmwareall versions
phoenixcontact fl switch 2514-2sfp firmwareall versions
phoenixcontact fl switch 2514-2sfp pn firmwareall versions
phoenixcontact fl switch 2516 firmwareall versions
phoenixcontact fl switch 2516 pn firmwareall versions

▣

Scoring & Timeline

8.8

HIGH · CVSS v3.1 · info@cert.vde.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD02 Feb 2022 · 01:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://cert.vde.com/en/advisories/VDE-2022-001/MitigationThird Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin