CVE-2021-34579: PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-34579

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

PHOENIX CONTACT: FL MGUARD DM version 1.12.0 and 1.13.0 Improper Privilege Management

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to the Apache web server being installed as part of the FL MGUARD DM on Microsoft Windows does not require login credentials even if configured during installation.Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles (“ATV profiles”). Such configuration profiles may contain sensitive information, e.g. private keys associated with IPsec VPN connections.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

特权管理不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Phoenix Contact FL MGUARD DM 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Phoenix Contact FL MGUARD DM是德国菲尼克斯电气（Phoenix Contact）公司的MGUARD 设备的中央设备管理软件，适用于现场任意数量的设备。 Phoenix Contact FL MGUARD DM 1.12.0版本和1.13.0版本存在安全漏洞，该漏洞源于访问部分服务器不需要登录凭据，即使在安装期间进行了配置。具有网络访问权限的攻击者可以下载并读取配置文件，此类配置文件可能包含敏感信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
PHOENIX CONTACT	FL MGUARD DM (2981974)	1.12.0	-

II. Public POCs for CVE-2021-34579

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-34579

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: PHOENIX CONTACT

Same weakness: CWE-269

V. Comments for CVE-2021-34579

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-34579

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-34579

III. Intelligence Information for CVE-2021-34579

IV. Related Vulnerabilities

V. Comments for CVE-2021-34579

Leave a comment