Lucene search

CERTVDECVELIST:CVE-2021-34598

HistoryNov 10, 2021 - 12:00 a.m.

CVE-2021-34598 Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality

2021-11-1000:00:00

CWE-401

CERTVDE

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.1%

JSON

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active

CNA Affected

[
  {
    "product": "FL MGUARD",
    "vendor": "PHOENIX CONTACT",
    "versions": [
      {
        "lessThan": "FL MGUARD 1102 (No. 1153079)*",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "custom"
      },
      {
        "lessThan": "FL MGUARD 1105 (No. 1153078)*",
        "status": "affected",
        "version": "1.4.0",
        "versionType": "custom"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2021-046/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for CVELIST:CVE-2021-34598