Skip to main content

Fl Switch 2316 Pn CVE-2026-22317

| EUVDEUVD-2026-12786 HIGH
Command Injection (CWE-77)
2026-03-18 CERTVDE
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:21 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
3.53
EUVD ID Assigned
Mar 18, 2026 - 08:00 euvd
EUVD-2026-12786
Analysis Generated
Mar 18, 2026 - 08:00 vuln.today
CVE Published
Mar 18, 2026 - 07:33 nvd
HIGH 7.2

DescriptionCVE.org

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges.

AnalysisAI

Arbitrary command execution with root privileges affects multiple Fl Switch and Fl Nat devices through improper handling of HTTP POST requests in the Root CA certificate transfer workflow. An authenticated high-privileged attacker can exploit this command injection flaw to execute arbitrary commands on the underlying Linux operating system. No patch is currently available for the affected product versions.

Technical ContextAI

This vulnerability (CWE-77: Command Injection) affects Phoenix Contact industrial Ethernet switches and NAT routers, specifically in firmware handling certificate management workflows. The affected products include the FL SWITCH 2000-series (ranging from 5 to 16 ports), FL SWITCH 5900-series high-performance switches, and FL NAT network address translation devices, all running Linux-based firmware. The command injection occurs during Root CA certificate transfer operations, where user-supplied input in HTTP POST requests is insufficiently sanitized before being passed to system shell commands. This allows metacharacters or command separators to break out of the intended command context and execute arbitrary OS commands. The vulnerability exists in the web management interface's certificate handling code, where the application fails to properly validate or escape user input before constructing shell commands for certificate installation or transfer operations.

RemediationAI

Upgrade all affected Phoenix Contact FL SWITCH and FL NAT devices to firmware version 3.53 or later, as specified in the CERT@VDE advisory at https://certvde.com/de/advisories/VDE-2025-104. Prior to patching, restrict administrative access to the web management interface to trusted management networks only, using firewall rules or VLANs to prevent access from production or untrusted networks. Implement strong password policies and multi-factor authentication where supported to reduce the risk of credential compromise. Monitor administrative access logs for unusual certificate management operations or suspicious POST requests to certificate-related endpoints. Consider placing these devices behind a jump host or bastion server that enforces additional authentication and logging for administrative sessions. Review and rotate administrative credentials after applying the patch to ensure no compromised accounts persist.

Share

CVE-2026-22317 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy