CVE-2026-22323

Summary

A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the victim’s knowledge or consent. Availability impact was set to low because after a successful attack the device will automatically recover without external intervention.

Affected Software

VendorProductVersion RangeStatus
Phoenix ContactFL SWITCH 20050.0.0 < 3.53affected
Phoenix ContactFL SWITCH 20080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 20160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 21050.0.0 < 3.53affected
Phoenix ContactFL SWITCH 21080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 21160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2204-2TC-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 22050.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2FX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2FX SM0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2FX SM ST0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2FX ST0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206-2SFX PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2206C-2FX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2207-FX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2207-FX SM0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 22080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2208 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2208C0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2212-2TC-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2214-2FX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2214-2FX SM0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2214-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2214-2SFX PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 22160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2216 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2304-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2306-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2306-2SFP PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 23080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2308 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2312-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2314-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2314-2SFP PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 23160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2316 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2404-2TC-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2406-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2406-2SFX PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 24080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2408 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2412-2TC-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2414-2SFX0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2414-2SFX PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 24160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2416 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2504-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2506-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2506-2SFP PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 25080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2508 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2512-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2514-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2514-2SFP PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 25160.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2516 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 26080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2608 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 27080.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2708 PN0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2303-8SP10.0.0 < 3.53affected
Phoenix ContactFL NAT 20080.0.0 < 3.53affected
Phoenix ContactFL NAT 22080.0.0 < 3.53affected
Phoenix ContactFL NAT 2304-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2008F0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2316/K10.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2506-2SFP/K10.0.0 < 3.53affected
Phoenix ContactFL SWITCH 2508/K10.0.0 < 3.53affected
Phoenix ContactFL SWITCH TSN 23160.0.0 < 3.53affected
Phoenix ContactFL SWITCH TSN 2312-2GC-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH TSN 2314-2SFP0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5924-4GC0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5916-8GC-4SFP+0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5924SFP-4GC0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5924-4SFP+0.0.0 < 3.53affected
Phoenix ContactFL SWITCH 5916SFP-8GC-4SFP+0.0.0 < 3.53affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References