Low privileged attackers gain root access through user data prone to special element neutralization
CVE-2024-7699

8.8HIGH

Key Information:

Vendor: Phoenix Contact
Status: Fl Mguard 2102; Fl Mguard 2105; Fl Mguard 4102 Pci; Fl Mguard 4102 Pcie
Vendor: CVE Published:; 10 September 2024

Summary

A vulnerability exists in the product due to inadequate sanitization of user input, allowing low privileged remote attackers to execute operating system commands with elevated root privileges. This flaw results from improper neutralization of special elements in user data, enabling attackers to manipulate system operations. It poses significant risks, especially in environments where the product is deployed without stringent access controls.

Affected Version(s)

FL MGUARD 2102 0 < 10.4.1

FL MGUARD 2105 0 < 10.4.1

FL MGUARD 4102 PCI 0 < 10.4.1

References

https://cert.vde.com/en/advisories/VDE-2024-039

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 12, 2024

Credit

Andrea Palanca

Nozomi Networks Security Research Team