22 matches found
EUVD-2021-21229
Malware in sbrugna...
EUVD-2021-21248
Malware in sbrugna...
PT-2024-30549
Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions. Description A low privileged remote attacker can perform configuration changes of the ospf service through OSPF INTERFACE.SIMPLE KEY and OSPF INTERFACE.DIGEST KEY...
PT-2024-30553 · Phoenix Contact · Fl Mguard 2102 +41
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A low-privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access...
PHOENIX CONTACT FL MGUARD 安全漏洞
The PHOENIX CONTACT FL MGUARD is a series of routers from PHOENIX CONTACT, Germany. A security vulnerability exists in Phoenix Contact FL MGUARD versions prior to 2102 10.4.1 that originates from the behavior of an unauthenticated, remote attacker who can exploit the pathfinder TCP encapsulation...
PT-2023-3649 · Phoenix Contact · Phoenix Contact Fl Mguard
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT FL/TC MGUARD Family affected versions not specified Description: The issue is related to improper input validation, which may allow UDP packets to bypass filter rules and access the device behind the MGUARD, potentially leadin...
CVE-2022-3480
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections...
CVE-2022-3480
PHOENIX CONTACT FL MGUARD and TC MGUARD devices with firmware versions prior to 8.9.0 are vulnerable to a DoS caused by a flood of unauthenticated HTTPS connections from multiple source IPs. The issue is exploitable remotely and unauthenticated; firewall connection limits do not prevent it. A fix...
CVE-2021-34579
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download...
CVE-2021-34579
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download...
Code injection
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download...
CVE-2021-34579 PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download...
CVE-2021-34579
Phoenix Contact FL MGUARD DM versions 1.12.0 and 1.13.0 expose an Apache web server on Windows without required login, allowing network attackers to download ATV profiles containing sensitive data (e.g., IPsec private keys). The root cause is insufficient access control for the web server embedde...
CVE-2021-34579 PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management
In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download...
CVE-2021-34598
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...
CVE-2021-34582
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code XSS through web-based management or the REST API with a manipulated certificate file...
Design/Logic Flaw
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...
Code injection
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code XSS through web-based management or the REST API with a manipulated certificate file...
CVE-2021-34598
Phoenix Contact FL MGUARD 1102/1105 (firmware v1.4.0, 1.4.1, 1.5.0) has a vulnerability where remote logging is impaired due to failure to release memory for syslog-ng data structures when remote logging is active. The impact described aligns with partial availability degradation; exploitation de...
CVE-2021-34598 Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active...