CVE-2026-22323
7.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L
Summary
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Phoenix Contact | FL SWITCH 2005 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2008 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2016 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2105 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2108 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2116 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2204-2TC-2SFX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2205 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2206-2FX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2206-2FX SM | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2206-2FX SM ST | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2206-2FX ST | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2206-2SFX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2206-2SFX PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2206C-2FX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2207-FX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2207-FX SM | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2208 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2208 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2208C | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2212-2TC-2SFX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2214-2FX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2214-2FX SM | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2214-2SFX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2214-2SFX PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2216 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2216 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2304-2GC-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2306-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2306-2SFP PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2308 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2308 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2312-2GC-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2314-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2314-2SFP PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2316 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2316 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2404-2TC-2SFX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2406-2SFX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2406-2SFX PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2408 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2408 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2412-2TC-2SFX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2414-2SFX | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2414-2SFX PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2416 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2416 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2504-2GC-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2506-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2506-2SFP PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2508 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2508 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2512-2GC-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2514-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2514-2SFP PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2516 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2516 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2608 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2608 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2708 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2708 PN | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2303-8SP1 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL NAT 2008 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL NAT 2208 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL NAT 2304-2GC-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2008F | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2316/K1 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2506-2SFP/K1 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 2508/K1 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH TSN 2316 | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH TSN 2312-2GC-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH TSN 2314-2SFP | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 5924-4GC | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 5916-8GC-4SFP+ | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 5924SFP-4GC | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 5924-4SFP+ | 0.0.0 < 3.53 | affected |
| Phoenix Contact | FL SWITCH 5916SFP-8GC-4SFP+ | 0.0.0 < 3.53 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.