CVE-2021-34598

EPSS 0.27%
Published 10.11.2021 12:15:16
Last modified 21.11.2024 06:10:47
Source info@cert.vde.com
Teams watchlist Login
Open Login

In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 the remote logging functionality is impaired by the lack of memory release for data structures from syslog-ng when remote logging is active

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Phoenixcontact ≫ Fl Mguard 1102 Firmware Version1.4.0

Phoenixcontact ≫ Fl Mguard 1102 Version-

Phoenixcontact ≫ Fl Mguard 1102 Firmware Version1.4.1

Phoenixcontact ≫ Fl Mguard 1102 Version-

Phoenixcontact ≫ Fl Mguard 1102 Firmware Version1.5.0

Phoenixcontact ≫ Fl Mguard 1102 Version-

Phoenixcontact ≫ Fl Mguard 1105 Firmware Version1.4.0

Phoenixcontact ≫ Fl Mguard 1105 Version-

Phoenixcontact ≫ Fl Mguard 1105 Firmware Version1.4.1

Phoenixcontact ≫ Fl Mguard 1105 Version-

Phoenixcontact ≫ Fl Mguard 1105 Firmware Version1.5.0

Phoenixcontact ≫ Fl Mguard 1105 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.27%	0.5

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
info@cert.vde.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

https://cert.vde.com/en/advisories/VDE-2021-046/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34598

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34598

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34598

EUVD