VYPR

Fl Mguard Dm

by Phoenixcontact

CVEs (27)

  • CVE-2024-7698Sep 10, 2024
    risk 0.00cvss epss 0.00

    A low privileged remote attacker can get access to CSRF tokens of higher privileged users which can be abused to mount CSRF attacks.

  • CVE-2024-7734Sep 10, 2024
    risk 0.00cvss epss 0.00

    An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.

  • CVE-2023-2673Jun 13, 2023
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks.

  • CVE-2022-3480Nov 15, 2022
    risk 0.00cvss epss 0.01

    A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for…

  • CVE-2021-34579Nov 9, 2022
    risk 0.00cvss epss 0.01

    In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web…

  • CVE-2021-34598Nov 10, 2021
    risk 0.00cvss epss 0.01

    In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active

  • CVE-2021-34582Nov 10, 2021
    risk 0.00cvss epss 0.00

    In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file.

Page 2 of 2