On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware.

Related CVEs

CVE-2022-29898

Key Information

GHSA ID

GHSA-gg9m-7hf2-hmp9

Published

May 12, 2022 12:01 AM

Last Modified

May 12, 2022 12:01 AM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.