The vulnerability is a command injection flaw in the Root CA certificate transfer workflow that enables a high‑privileged attacker to send crafted HTTP POST requests. The flaw allows arbitrary command execution on the underlying Linux operating system with root privileges. The weakness is a classic command injection (CWE‑77).

Affected devices include numerous Phoenix Contact models such as FL NAT 2008, FL NAT 2208, FL NAT 2304‑2GC‑2SFP, FL SWITCH 2005, FL SWITCH 2008, FL SWITCH 2008F, FL SWITCH 2016, FL SWITCH 2105, FL SWITCH 2108, FL SWITCH 2116, FL SWITCH 2204‑2TC‑2SFX, FL SWITCH 2205, FL SWITCH 2206‑2FX, FL SWITCH 2206‑2FX SM, FL SWITCH 2206‑2FX SM ST, FL SWITCH 2206‑2FX ST, FL SWITCH 2206‑2SFX, FL SWITCH 2206‑2SFX PN, FL SWITCH 2206C‑2FX, FL SWITCH 2207‑FX, FL SWITCH 2207‑FX SM, FL SWITCH 2208, FL SWITCH 2208 PN, FL SWITCH 2208C, FL SWITCH 2212‑2TC‑2SFX, FL SWITCH 2214‑2FX, FL SWITCH 2214‑2FX SM, FL SWITCH 2214‑2SFX, FL SWITCH 2214‑2SFX PN, FL SWITCH 2216, FL SWITCH 2216 PN, FL SWITCH 2303‑8SP1, FL SWITCH 2304‑2GC‑2SFP, FL SWITCH 2306‑2SFP, FL SWITCH 2306‑2SFP PN, FL SWITCH 2308, FL SWITCH 2308 PN, FL SWITCH 2312‑2GC‑2SFP, FL SWITCH 2314‑2SFP, FL SWITCH 2314‑2SFP PN, FL SWITCH 2316, FL SWITCH 2316 PN, FL SWITCH 2316/K1, FL SWITCH 2404‑2TC‑2SFX, FL SWITCH 2406‑2SFX, FL SWITCH 2406‑2SFX PN, FL SWITCH 2408, FL SWITCH 2408 PN, FL SWITCH 2412‑2TC‑2SFX, FL SWITCH 2414‑2SFX, FL SWITCH 2414‑2SFX PN, FL SWITCH 2416, FL SWITCH 2416 PN, FL SWITCH 2504‑2GC‑2SFP, FL SWITCH 2506‑2SFP, FL SWITCH 2506‑2SFP PN, FL SWITCH 2506‑2SFP/K1, FL SWITCH 2508, FL SWITCH 2508 PN, FL SWITCH 2508/K1, FL SWITCH 2512‑2GC‑2SFP, FL SWITCH 2514‑2SFP, FL SWITCH 2514‑2SFP PN, FL SWITCH 2516, FL SWITCH 2516 PN, FL SWITCH 2608, FL SWITCH 2608 PN, FL SWITCH 2708, FL SWITCH 2708 PN, FL SWITCH 5916‑8GC‑4SFP+, FL SWITCH 5916SFP‑8GC‑4SFP+, FL SWITCH 5924‑4GC, FL SWITCH 5924‑4SFP+, FL SWITCH 5924SFP‑4GC, FL SWITCH TSN 2312‑2GC‑2SFP, FL SWITCH TSN 2314‑2SFP, FL SWITCH TSN 2316. No specific firmware or OS version details are supplied, so all listed models may be vulnerable.

The vulnerability has a CVSS score of 7.2 indicating moderate severity, and the EPSS score is not available. It is not listed in CISA’s KEV catalog. The flaw is exploitable via crafted HTTP POST requests to the Root CA certificate transfer endpoint, implying that an attacker must have access to the device’s management interface and sufficient privileges to interact with the HTTP API. No special conditions beyond that are described, and remote code execution would give the attacker full root control of the Linux OS running on the device.