CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25995 – PHOENIX CONTACT: Remote code execution in CHARX Series
https://notcve.org/view.php?id=CVE-2024-25995
An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function. Un atacante remoto no autenticado puede modificar las configuraciones para realizar una ejecución remota de código debido a una falta de autenticación para una función crítica. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CharxSystemConfigManager service, which listens on TCP port 5001 by default. The issue results from the lack of proper validation of a user-supplied string before using it to update a configuration. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-25994 – PHOENIX CONTACT: Unintended script file upload in CHARX Series
https://notcve.org/view.php?id=CVE-2024-25994
An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. Un atacante remoto no autenticado puede cargar un archivo de script arbitrario debido a una validación de entrada incorrecta. El destino de carga es fijo y es de solo escritura. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Phoenix Contact CHARX SEC-3100 devices. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7935
https://notcve.org/view.php?id=CVE-2017-7935
A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests. Se ha descubierto un problema de agotamiento de recursos en Phoenix Contact GmbH mGuard desde la versión 8.3.0 hasta la 8.4.2. Un atacante podría comprometer la disponibilidad del dispositivo mediante múltiples peticiones iniciales de VPN. • https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-7937
https://notcve.org/view.php?id=CVE-2017-7937
An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable. Se detectó un problema de autenticación inapropiada en Phoenix Contact GmbH versiones de firmware 8.3.0 hasta 8.4.2. Un atacante puede alcanzar acceso no autorizado al firewall del usuario cuando no se puede acceder a los servidores RADIUS. • https://ics-cert.us-cert.gov/advisories/ICSA-17-131-01 • CWE-287: Improper Authentication •