Low Privileged User Can Read and Write Files as Root Due to Improper Neutralization of Special Elements in mGuard Devices
CVE-2024-43387

8.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Fl Mguard 2102; Fl Mguard 2105; Fl Mguard 4102 Pci; Fl Mguard 4102 Pcie
Vendor: CVE Published:; 10 September 2024

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2024-43387?

A security vulnerability in mGuard devices arises from improper handling of input related to the EMAIL_RELAY_PASSWORD variable. This flaw enables low privileged remote attackers to execute unauthorized read and write operations on files, potentially compromising the integrity and confidentiality of the device. This issue highlights the importance of robust input validation mechanisms to prevent exploitation and protect sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FL MGUARD 2102 0 < 10.4.1

FL MGUARD 2105 0 < 10.4.1

FL MGUARD 4102 PCI 0 < 10.4.1

References

https://cert.vde.com/en/advisories/VDE-2024-039

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 12, 2024

Credit

Andrea Palanca

Nozomi Networks Security Research Team

JSON

Phoenix Contact

What is CVE-2024-43387?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.