Cross-site scripting in web-based management and memory leak in the remote logging function of FL MGUARD 1102 and FL MGUARD 1105.

CVE-2021-34582:
The file upload functionality in the web-based management is affected by a stored cross-site scripting vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation). An authenticated FL MGUARD user with Admin or Super Admin role can upload a certificate file on the Basic settings > LDAP page, on the Logs > Remote logging page, or through the REST API. The content of this file is embedded into the corresponding web page, and any
HTML code within the file is rendered when the page is viewed by the same or a different authenticated user.

CVE-2021-34598:
The remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active (CWE-770: Allocation of Resources Without Limits or Throttling).



PC Worx / -Express is vulnerable to a “zip slip” style vulnerability when loading a project file.



Access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.



A device on the same network as the controller sending a special crafted JSON request to the /auth/access-token endpoint may cause the controller to restart (CWE-20).

UPDATE A

The CVSS score has been raised from 7.7 (CVSS:3.0:AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H) to 9.1 (CVSS:3.0:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)



Third party Niche Ethernet stack has several vulnerabilities announced by the security researcher’s community.
Phoenix Contact Classic Line industrial controllers are developed and designed for the use in closed industrial networks. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a Denial of Service or a Breach of Integrity of the PLC.



A Denial of Service and a CA Check Problem have been identified in multiple openSSL 1.1.1 versions, which are utilized in the Phoenix Contact products listed above.



The vulnerability is a Time-of-Check-Time-of-Use (CWE-367) issue which allows an attacker with access to the firmware update file to overwrite it after it has been verified (but before installation is completed), which consequently allows installing an arbitrary firmware update, bypassing the cryptographic signature check mechanism.



Feeds

Nach Hersteller

Archiv

2024
2023
2022
2021
2020
2019
2018
2017

Legende

(Scoring für CVSS 2.0,3.0+3.1)
keine
Kein CVE verfügbar
Niedrig
0.1 <= 3.9
Mittel
4.0 <= 6.9
Hoch
7.0 <= 8.9
Kritisch
9.0 <= 10.0