Filtered by vendor Phoenixcontact Subscriptions
Total 114 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43393 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-10-01 8.1 High
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP FW_RULESETS.FROM_IP FW_RULESETS.IN_IP environment variable which can lead to a DoS.
CVE-2024-43392 1 Phoenixcontact 60 Fl Mguard Centerport Vpn-1000, Fl Mguard Centerport Vpn-1000 Firmware, Fl Mguard Core Tx and 57 more 2024-10-01 8.1 High
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_INCOMING.FROM_IP FW_INCOMING.IN_IP FW_OUTGOING.FROM_IP FW_OUTGOING.IN_IP environment variable which can lead to a DoS.
CVE-2024-43391 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-10-01 8.1 High
A low privileged remote attacker can perform configuration changes of the firewall services, including packet filter, packet forwarding, network access control or NAT through the FW_PORTFORWARDING.SRC_IP environment variable which can lead to a DoS.
CVE-2024-43390 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-10-01 8.1 High
A low privileged remote attacker can perform configuration changes of the firewall services, including packet forwarding or NAT through the FW_NAT.IN_IP environment variable which can lead to a DoS.
CVE-2024-43389 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-10-01 8.1 High
A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.
CVE-2024-7734 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-09-28 5.3 Medium
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.
CVE-2024-7698 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-09-27 5.7 Medium
A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.
CVE-2024-43387 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-09-27 8.8 High
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.
CVE-2024-43386 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-09-27 8.8 High
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.
CVE-2024-43385 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-09-27 8.8 High
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.
CVE-2024-43388 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-09-27 8.8 High
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.
CVE-2024-7699 1 Phoenixcontact 72 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 2105 and 69 more 2024-09-27 8.8 High
An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.
CVE-2024-3913 1 Phoenixcontact 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more 2024-09-13 7.5 High
An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.
CVE-2024-6788 1 Phoenixcontact 4 Charx Sec 3000, Charx Sec 3050, Charx Sec 3100 and 1 more 2024-08-13 8.6 High
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.