Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality
CVE-2021-34598

7.5HIGH

Key Information:

Vendor
Phoenix Contact
Status
Fl Mguard
Vendor
CVE Published:
10 November 2021

Summary

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active

Affected Version(s)

FL MGUARD 1.4.0

FL MGUARD 1.4.0

References

https://cert.vde.com/en/advisories/VDE-2021-046/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This vulnerability was discovered by a key customer. We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
.
CVE-2021-34598 : Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality | SecurityVulnerability.io