Phoenixcontact: Security Vulnerabilities
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable PROXY_HTTP_PORT in mGuard devices.
CVSS Score: 8.8 | EPSS Score: 0.018 | Published: 2024-09-10
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL_NOTIFICATION.TO in mGuard devices.
CVSS Score: 8.8 | EPSS Score: 0.018 | Published: 2024-09-10
A low privileged remote attacker can read and write files as root due to improper neutralization of special elements in the variable EMAIL_RELAY_PASSWORD in mGuard devices.
CVSS Score: 8.8 | EPSS Score: 0.005 | Published: 2024-09-10
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2024-09-10
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to it. The impact is limited to blocking valid IPsec VPN peers.
CVSS Score: 5.3 | EPSS Score: 0.001 | Published: 2024-09-10
A remote unauthenticated attacker can use the firmware update feature on the LAN interface of the device to reset the password for the predefined, low-privileged user “user-app” to the default password.
CVSS Score: 8.6 | EPSS Score: 0.034 | Published: 2024-08-13
An unauthenticated remote attacker can use this vulnerability to change the device configuration because a file is writable for a short time after system startup.
CVSS Score: 5.9 | EPSS Score: 0.002 | Published: 2024-08-13
A local attacker with low privileges can perform a privilege escalation with an init script due to a TOCTOU vulnerability.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2024-05-14
A local attacker with low privileges can use a command injection vulnerability in the OCPP Remote service, caused by improper input validation, to gain root privileges.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2024-05-14
A low privileged remote attacker can use a command injection vulnerability in the API, caused by improper input validation, to perform remote code execution as the user-app user. Confidentiality is partly affected.
CVSS Score: 5.0 | EPSS Score: 0.01 | Published: 2024-05-14

