Vulnerability-Lookup

GHSA-CHPX-369Q-WWRX

Vulnerability from github – Published: 2024-09-10 09:31 – Updated: 2024-09-10 09:31

Details

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7699"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T09:15:07Z",
    "severity": "HIGH"
  },
  "details": "An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.",
  "id": "GHSA-chpx-369q-wwrx",
  "modified": "2024-09-10T09:31:12Z",
  "published": "2024-09-10T09:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7699"
    },
    {
      "type": "WEB",
      "url": "https://cert.vde.com/en/advisories/VDE-2024-039"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-7699 (GCVE-0-2024-7699)

Vulnerability from cvelistv5 – Published: 2024-09-10 08:42 – Updated: 2024-09-10 14:25

Title

Phoenix Contact: OS command execution in MGUARD products

Summary

An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.

Severity

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

CERTVDE

References

1 reference

URL	Tags
https://cert.vde.com/en/advisories/VDE-2024-039

Impacted products

36 products

Vendor	Product	Version
PHOENIX CONTACT	FL MGUARD 2102	Affected: 0 , < 10.4.1 (semver)
PHOENIX CONTACT	FL MGUARD 2105	Affected: 0 , < 10.4.1 (semver)
PHOENIX CONTACT	FL MGUARD 4102 PCI	Affected: 0 , < 10.4.1 (semver)
PHOENIX CONTACT	FL MGUARD 4102 PCIE	Affected: 0 , < 10.4.1 (semver)
PHOENIX CONTACT	FL MGUARD 4302	Affected: 0 , < 10.4.1 (semver)
PHOENIX CONTACT	FL MGUARD 4305	Affected: 0 , < 10.4.1 (semver)
PHOENIX CONTACT	FL MGUARD CENTERPORT VPN-1000	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD CORE TX	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD CORE TX VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD DELTA TX/TX	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD DELTA TX/TX VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD GT/GT	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD GT/GT VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD PCI4000	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD PCI4000 VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD PCIE4000	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD PCIE4000 VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS2000 TX/TX-B	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS2000 TX/TX VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS2005 TX VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS4000 TX/TX	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS4000 TX/TX-M	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS4000 TX/TX-P	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS4000 TX/TX VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS4004 TX/DTX	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD RS4004 TX/DTX VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD SMART2	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	FL MGUARD SMART2 VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	TC MGUARD RS2000 3G VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	TC MGUARD RS2000 4G ATT VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	TC MGUARD RS2000 4G VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	TC MGUARD RS2000 4G VZW VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	TC MGUARD RS4000 3G VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	TC MGUARD RS4000 4G ATT VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	TC MGUARD RS4000 4G VPN	Affected: 0 , < 8.9.3 (semver)
PHOENIX CONTACT	TC MGUARD RS4000 4G VZW VPN	Affected: 0 , < 8.9.3 (semver)

Credits

Andrea Palanca Nozomi Networks Security Research Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fl_mguard_smart2_vpn_firmware",
            "vendor": "phoenixcontact",
            "versions": [
              {
                "lessThan": "8.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fl_mguard_4305_firmware",
            "vendor": "phoenixcontact",
            "versions": [
              {
                "lessThan": "10.4.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tc_mguard_rs4000_4g_vzw_vpn_firmware",
            "vendor": "phoenixcontact",
            "versions": [
              {
                "lessThan": "8.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T14:25:49.250812Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T14:25:56.498Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 2102",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 2105",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 4102 PCI",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 4102 PCIE",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 4302",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 4305",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD CENTERPORT VPN-1000",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD CORE TX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD CORE TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD DELTA TX/TX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD DELTA TX/TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD GT/GT",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD GT/GT VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD PCI4000",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD PCI4000 VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD PCIE4000",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD PCIE4000 VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS2000 TX/TX-B",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS2000 TX/TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS2005 TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4000 TX/TX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4000 TX/TX-M",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4000 TX/TX-P",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4000 TX/TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4004 TX/DTX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4004 TX/DTX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD SMART2",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD SMART2 VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS2000 3G VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS2000 4G ATT VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS2000 4G VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS2000 4G VZW VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS4000 3G VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS4000 4G ATT VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS4000 4G VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS4000 4G VZW VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Andrea Palanca"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Nozomi Networks Security Research Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "An low privileged remote attacker can execute OS commands with root privileges due to improper neutralization of special elements in user data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T08:42:55.635Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-039"
        }
      ],
      "source": {
        "advisory": "VDE-2024-039",
        "defect": [
          "CERT@VDE#641656"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Phoenix Contact: OS command execution in MGUARD products",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-7699",
    "datePublished": "2024-09-10T08:42:55.635Z",
    "dateReserved": "2024-08-12T08:30:25.190Z",
    "dateUpdated": "2024-09-10T14:25:56.498Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-CHPX-369Q-WWRX

CVE-2024-7699 (GCVE-0-2024-7699)

Tags

Sightings

Nomenclature