high
8.1
CWE
74
Advisory Published
Updated

CVE-2024-43389: Phoenix Contact: OSPF reconfiguration due to improper input validation in MGUARD devices

First published: Tue Sep 10 2024(Updated: )

A low privileged remote attacker can perform configuration changes of the ospf service through OSPF_INTERFACE.SIMPLE_KEY, OSPF_INTERFACE.DIGEST_KEY environment variables which can lead to a DoS.

Credit: info@cert.vde.com

Affected SoftwareAffected VersionHow to fix
All of
Phoenix Contact TC Mguard RS4000 4G VZW VPN Firmware<8.9.3
Phoenix Contact TC Mguard RS4000 4G VZW VPN Firmware
All of
Phoenix Contact mGuard RS4000 4G VPN<8.9.3
Phoenix Contact mGuard RS4000 4G VPN
All of
Phoenix Contact TC Mguard RS4000 4G AT&T VPN<8.9.3
Phoenix Contact TC Mguard RS4000 4G AT&T VPN
All of
Phoenix Contact mGuard RS4000 3G VPN<8.9.3
Phoenix Contact TC Mguard RS4000 3G VPN
All of
Phoenixcontact Tc Mguard Rs2000 4g Vpn Firmware<8.9.3
Phoenix Contact TC Mguard RS2000 4G VZW VPN
All of
Phoenix Contact TC MGuard RS2000 4G AT&T VPN Firmware<8.9.3
Phoenixcontact Mguard Rs2000 4g Vpn
All of
Phoenix Contact TC MGuard RS2000 4G ATT VPN<8.9.3
Phoenix Contact TC MGuard RS2000 4G AT&T VPN Firmware
All of
Phoenixcontact Tc Mguard Rs2000 3g Vpn<8.9.3
Phoenixcontact Tc Mguard Rs2000 3g Vpn Firmware
All of
Phoenix Contact FL MGUARD SMART2 VPN Firmware<8.9.3
Phoenixcontact FL Mguard Smart2
All of
Phoenixcontact FL Mguard Smart2<8.9.3
Phoenixcontact FL Mguard Smart2
All of
Phoenix Contact FL MGuard RS4004 TX/DX VPN Firmware<8.9.3
Phoenix Contact FL MGuard RS4004 Tx/Dtx VPN
All of
Phoenixcontact Fl Mguard Rs4004 Tx/dtx Firmware<8.9.3
Phoenix Contact FL MGuard RS4004 Tx/Dtx
All of
Phoenixcontact FL Mguard RS4000 TX/TX VPN Firmware<8.9.3
Phoenixcontact FL Mguard RS4000 Tx/TX VPN
All of
Phoenixcontact Fl Mguard Rs4000 Tx/tx-p Firmware<8.9.3
Phoenix Contact FL MGUARD RS4000 TX/TX-P
All of
Phoenix Contact FL MGUARD RS4000 TX/TX-M Firmware<8.9.3
Phoenixcontact Fl Mguard Rs4000 Tx/tx-m
All of
Phoenixcontact Fl Mguard Rs4000 Tx/tx Firmware<8.9.3
Phoenix Contact FL MGuard RS4000 Tx/TX
All of
Phoenix Contact FL MGuard RS2005 TX VPN<8.9.3
Phoenix Contact FL MGuard RS2005 TX VPN
All of
Phoenix Contact FL MGUARD RS2000 TX/TX VPN Firmware<8.9.3
Phoenix Contact FL MGuard RS2000 TX/TX VPN
All of
Phoenixcontact Fl Mguard Rs2000 Tx/tx-b Firmware<8.9.3
Phoenixcontact FL Mguard RS2000 Tx/Tx-b
All of
Phoenix Contact FL Mguard PCIe4000 VPN Firmware<8.9.3
Phoenix Contact FL Mguard PCIe4000 VPN
All of
Phoenixcontact Fl Mguard Pcie4000 Firmware<8.9.3
Phoenix Contact FL MGuard PCIe 4000
All of
Phoenixcontact Mguard Pci4000 Vpn Firmware<8.9.3
Phoenix Contact mGuard PCI4000 VPN
All of
Phoenixcontact Fl Mguard Pcie4000 Firmware<8.9.3
Phoenixcontact FL MGuard PCI4000 VPN
All of
Phoenixcontact FL Mguard GT/GT VPN Firmware<8.9.3
Phoenix Contact FL MGuard GT/GT VPN
All of
Phoenixcontact Fl Mguard Gt/gt Firmware<8.9.3
Phoenix Contact FL MGuard GT/GT
All of
Phoenixcontact Fl Mguard Delta Tx/tx Vpn Firmware<8.9.3
Phoenixcontact FL Mguard Delta TX/TX VPN
All of
Phoenix Contact FL Mguard Delta TX/TX Firmware<8.9.3
Phoenix Contact FL Mguard Delta TX/TX
All of
Phoenix Contact FL MGuard Core TX VPN Firmware<8.9.3
Phoenix Contact FL MGuard Core TX VPN Firmware
All of
Phoenix Contact FL MGuard Core TX Firmware<8.9.3
Phoenix Contact FL Mguard Core Tx
All of
Phoenixcontact Fl Mguard Centerport Vpn-1000<8.9.3
Phoenixcontact Fl Mguard Centerport Vpn-1000 Firmware
All of
Phoenixcontact Fl Mguard 4305<10.4.1
Phoenixcontact Fl Mguard 4305 Firmware
All of
Phoenixcontact FL Mguard 4302 Firmware<10.4.1
Phoenixcontact FL Mguard 4302 Firmware
All of
Phoenix Contact FL MGuard 4102 PCI Firmware<10.4.1
Phoenixcontact FL Mguard 4102 Pcie Firmware
All of
Phoenix Contact FL MGuard 4102 PCI Firmware<10.4.1
Phoenix Contact FL MGuard 4102 PCI
All of
Phoenixcontact Fl Mguard 2105 Firmware<10.4.1
Phoenixcontact Fl Mguard 2105 Firmware
All of
Phoenixcontact Fl Mguard 2102 Firmware<10.4.1
Phoenixcontact Fl Mguard 2102 Firmware

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-43389?

    CVE-2024-43389 is classified as a low severity vulnerability.

  • How do I fix CVE-2024-43389?

    To fix CVE-2024-43389, upgrade to a version of the affected firmware that is greater than 8.9.3.

  • Who is affected by CVE-2024-43389?

    CVE-2024-43389 affects various Phoenixcontact TC Mguard firmware versions prior to 8.9.3.

  • What type of attack does CVE-2024-43389 enable?

    CVE-2024-43389 allows a low privileged remote attacker to make configuration changes to the OSPF service.

  • What are the potential impacts of CVE-2024-43389?

    The exploitation of CVE-2024-43389 could lead to a Denial of Service (DoS) condition.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203