CVE-2024-43388 – Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices
https://notcve.org/view.php?id=CVE-2024-43388
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-43387 – Phoenix Contact: Access files due to improper neutralization of special elements in MGUARD devices
https://notcve.org/view.php?id=CVE-2024-43387
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-43386 – Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in mGuard devices.
https://notcve.org/view.php?id=CVE-2024-43386
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-43385 – Phoenix Contact: OS command execution through PROXY_HTTP_PORT in mGuard devices
https://notcve.org/view.php?id=CVE-2024-43385
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-7699 – Phoenix Contact: OS command execution in MGUARD products
https://notcve.org/view.php?id=CVE-2024-7699
A low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data. • https://cert.vde.com/en/advisories/VDE-2024-039 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')