PHOENIX CONTACT: FL SWITCH 2xxx series incorrect privilege assignment

Plan Patch8.8VDE-2022-001Jan 25, 2022

Attack VectorNetwork

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

The user management system in FL SWITCH 2xxx family devices (firmware version 3.00) incorrectly assigns unprivileged SSH users to the admin role, granting them full configuration access regardless of their configured access role. This privilege escalation affects all SSH CLI logins on firmware 3.00. The vulnerability was introduced with user management support in firmware 3.00 and does not affect other firmware versions.

What this means

What could happen

An attacker with unprivileged SSH credentials could gain administrative access to the switch, modify network configurations, change VLAN settings, redirect traffic, or disable security features, potentially disrupting network connectivity for critical infrastructure systems like water treatment or power distribution.

Who's at risk

Water utilities and electric utilities operating FL SWITCH 2xxx series managed industrial Ethernet switches for network backbone, SCADA network connectivity, or control system communications. Any facility using these switches for critical infrastructure networking should assess their firmware versions and access controls immediately.

How it could be exploited

An attacker with any valid SSH user account on an affected switch running firmware 3.00 can log in via SSH CLI and will be automatically granted admin role privileges. With these privileges, they can reconfigure the switch, access sensitive network settings, and modify the device behavior without needing higher-level credentials.

Prerequisites

Valid SSH user credentials (any user account on the device)
Network access to SSH port 22 on the switch
Device running FL SWITCH 2xxx firmware version 3.00

remotely exploitablelow complexity attackaffects network infrastructure switcheslarge number of affected devices and models

Affected products (64)

64 with fix

ProductAffected VersionsFix Status

FL SWITCH 20053.003.10

FL SWITCH 20083.003.10

FL SWITCH 2008F3.003.10

FL SWITCH 20163.003.10

FL SWITCH 21053.003.10

Remediation & Mitigation

0/3

Do now

0/2

WORKAROUNDDisable SSH login on devices still running firmware 3.00 until patching can be completed

HARDENINGRestrict network access to SSH port 22 (TCP) on affected switches using firewall rules or network ACLs to only authorized engineering workstations or management subnets

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade all affected FL SWITCH 2xxx devices running firmware 3.00 to firmware version 3.10 or later

CVEs (1)

CVE-2022-22509

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4870cd4f-3407-4d3d-bc8f-afe0cbc981d2