CVE-2024-26002 – PHOENIX CONTACT: File ownership manipulation in CHARX Series
https://notcve.org/view.php?id=CVE-2024-26002
An improper input validation in the Qualcomm plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. ... This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •
CVE-2024-25999 – PHOENIX CONTACT: Privilege escalation in the OCPP agent service
https://notcve.org/view.php?id=CVE-2024-25999
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://cert.vde.com/en/advisories/VDE-2024-011 • CWE-20: Improper Input Validation •
CVE-2024-26521
https://notcve.org/view.php?id=CVE-2024-26521
HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component. • https://github.com/hackervegas001/CVE-2024-26521 https://github.com/capture0x/Phoenix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-0670 – Privilege escalation in Windows agent
https://notcve.org/view.php?id=CVE-2024-0670
Privilege escalation in the Windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows a local user to escalate privileges. • http://seclists.org/fulldisclosure/2024/Mar/29 https://checkmk.com/werk/16361 • CWE-427: Uncontrolled Search Path Element •
CVE-2023-50015
https://notcve.org/view.php?id=CVE-2023-50015
An issue discovered in Grandstream GXP14XX 1.0.8.9 and GXP16XX 1.0.7.13 allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token. • https://github.com/n0obit4/Vulnerability_Disclosure/tree/main/CVE-2023-50015 • CWE-250: Execution with Unnecessary Privileges •