Common Weakness Enumeration

CWE-94

Allowed-with-Review

Improper Control of Generation of Code ('Code Injection')

Abstraction: Base · Status: Draft

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

8285 vulnerabilities reference this CWE, most recent first.

CVE-2024-43388 (GCVE-0-2024-43388)

Vulnerability from cvelistv5 – Published: 2024-09-10 08:44 – Updated: 2025-08-22 06:22
VLAI
Title
Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices
Summary
A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
PHOENIX CONTACT FL MGUARD 2102 Affected: 0 , < 10.4.1 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD 2105 Affected: 0 , < 10.4.1 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD 4102 PCI Affected: 0 , < 10.4.1 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD 4102 PCIE Affected: 0 , < 10.4.1 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD 4302 Affected: 0 , < 10.4.1 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD 4305 Affected: 0 , < 10.4.1 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD CENTERPORT VPN-1000 Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD CORE TX Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD CORE TX VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD DELTA TX/TX Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD DELTA TX/TX VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD GT/GT Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD GT/GT VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD PCI4000 Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD PCI4000 VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD PCIE4000 Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD PCIE4000 VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS2000 TX/TX-B Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS2000 TX/TX VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS2005 TX VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS4000 TX/TX Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS4000 TX/TX-M Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS4000 TX/TX-P Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS4000 TX/TX VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS4004 TX/DTX Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD RS4004 TX/DTX VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD SMART2 Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT FL MGUARD SMART2 VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT TC MGUARD RS2000 3G VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT TC MGUARD RS2000 4G ATT VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT TC MGUARD RS2000 4G VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT TC MGUARD RS2000 4G VZW VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT TC MGUARD RS4000 3G VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT TC MGUARD RS4000 4G ATT VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT TC MGUARD RS4000 4G VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
PHOENIX CONTACT TC MGUARD RS4000 4G VZW VPN Affected: 0 , < 8.9.3 (semver)
Create a notification for this product.
phoenixcontact fl_mguard_smart2_vpn_firmware Affected: 0 , < 8.9.3 (semver)
    cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\/tx_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\/tx_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_gt\/gt_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_gt\/gt_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\/tx-b_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\/tx_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx-m_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx-p_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\/tx_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\/dtx_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\/dtx_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
phoenixcontact fl_mguard_4305_firmware Affected: 0 , < 10.4.1 (semver)
    cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
phoenixcontact tc_mguard_rs4000_4g_vzw_vpn_firmware Affected: 0 , < 8.9.3 (semver)
    cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Andrea Palanca Nozomi Networks Security Research Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:phoenixcontact:fl_mguard_centerport_vpn-1000_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-m_firmware:-:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fl_mguard_smart2_vpn_firmware",
            "vendor": "phoenixcontact",
            "versions": [
              {
                "lessThan": "8.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:phoenixcontact:fl_mguard_2102_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_2105_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pcie_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_4102_pci_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_4302_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:fl_mguard_4305_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "fl_mguard_4305_firmware",
            "vendor": "phoenixcontact",
            "versions": [
              {
                "lessThan": "10.4.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs2000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_att_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
              "cpe:2.3:o:phoenixcontact:tc_mguard_rs4000_4g_vzw_vpn_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tc_mguard_rs4000_4g_vzw_vpn_firmware",
            "vendor": "phoenixcontact",
            "versions": [
              {
                "lessThan": "8.9.3",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T13:46:11.213014Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T14:17:49.005Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 2102",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 2105",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 4102 PCI",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 4102 PCIE",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 4302",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD 4305",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD CENTERPORT VPN-1000",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD CORE TX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD CORE TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD DELTA TX/TX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD DELTA TX/TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD GT/GT",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD GT/GT VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD PCI4000",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD PCI4000 VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD PCIE4000",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD PCIE4000 VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS2000 TX/TX-B",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS2000 TX/TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS2005 TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4000 TX/TX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4000 TX/TX-M",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4000 TX/TX-P",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4000 TX/TX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4004 TX/DTX",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD RS4004 TX/DTX VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD SMART2",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "FL MGUARD SMART2 VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS2000 3G VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS2000 4G ATT VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS2000 4G VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS2000 4G VZW VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS4000 3G VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS4000 4G ATT VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS4000 4G VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "TC MGUARD RS4000 4G VZW VPN",
          "vendor": "PHOENIX CONTACT",
          "versions": [
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Andrea Palanca"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Nozomi Networks Security Research Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A low privileged remote attacker with write permissions can reconfigure the SNMP service due to improper input validation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T06:22:30.968Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-039"
        }
      ],
      "source": {
        "advisory": "VDE-2024-039",
        "defect": [
          "CERT@VDE#641656"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-43388",
    "datePublished": "2024-09-10T08:44:06.550Z",
    "dateReserved": "2024-08-12T08:30:16.360Z",
    "dateUpdated": "2025-08-22T06:22:30.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43363 (GCVE-0-2024-43363)

Vulnerability from cvelistv5 – Published: 2024-10-07 20:40 – Updated: 2025-11-03 20:38
VLAI
Title
Remote code execution via Log Poisoning in Cacti
Summary
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
Cacti cacti Affected: < 1.2.28
Create a notification for this product.
cacti cacti Affected: 0 , < 1.2.28 (custom)
    cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cacti:cacti:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cacti",
            "vendor": "cacti",
            "versions": [
              {
                "lessThan": "1.2.28",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43363",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T14:21:20.835700Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T14:22:10.398Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:38:46.778Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cacti",
          "vendor": "Cacti",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.2.28"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-07T20:40:39.173Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4"
        }
      ],
      "source": {
        "advisory": "GHSA-gxq4-mv8h-6qj4",
        "discovery": "UNKNOWN"
      },
      "title": "Remote code execution via Log Poisoning in Cacti"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43363",
    "datePublished": "2024-10-07T20:40:39.173Z",
    "dateReserved": "2024-08-09T14:23:55.512Z",
    "dateUpdated": "2025-11-03T20:38:46.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43202 (GCVE-0-2024-43202)

Vulnerability from cvelistv5 – Published: 2024-08-20 07:29 – Updated: 2024-08-20 15:02
VLAI
Title
Apache DolphinScheduler: Remote Code Execution Vulnerability
Summary
Exposure of Remote Code Execution in Apache Dolphinscheduler. This issue affects Apache DolphinScheduler: before 3.2.2. We recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache DolphinScheduler Affected: 3.0.0 , < 3.2.2 (semver)
Create a notification for this product.
apache_software_foundation apache_dolphinscheduler Affected: 3.0.0 , < 3.2.2 (semver)
    cpe:2.3:a:apache_software_foundation:apache_dolphinscheduler:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
an4er
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache_software_foundation:apache_dolphinscheduler:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "apache_dolphinscheduler",
            "vendor": "apache_software_foundation",
            "versions": [
              {
                "lessThan": "3.2.2",
                "status": "affected",
                "version": "3.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-43202",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-20T13:06:20.819939Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T13:13:41.413Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-20T15:02:42.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/08/20/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache DolphinScheduler",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "3.2.2",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "an4er"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache DolphinScheduler: before 3.2.2. \u003cbr\u003e\u003cbr\u003eWe recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue."
            }
          ],
          "value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-20T07:29:43.170Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/dolphinscheduler/pull/15758"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-49109"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache DolphinScheduler: Remote Code Execution Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-43202",
    "datePublished": "2024-08-20T07:29:43.170Z",
    "dateReserved": "2024-08-07T15:30:55.296Z",
    "dateUpdated": "2024-08-20T15:02:42.396Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43128 (GCVE-0-2024-43128)

Vulnerability from cvelistv5 – Published: 2024-08-13 10:52 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress WooCommerce Product Table Lite plugin <= 3.5.1 - Arbitrary Code Execution vulnerability
Summary
Improper Control of Generation of Code ('Code Injection') vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
WC Product Table WooCommerce Product Table Lite Affected: n/a , ≤ 3.5.1 (custom)
Create a notification for this product.
wcproducttable woocommerce_product_table_lite Affected: 0 , ≤ 3.5.1 (custom)
    cpe:2.3:a:wcproducttable:woocommerce_product_table_lite:*:*:*:*:*:wordpress:*:*
Create a notification for this product.
Credits
stealthcopter (Patchstack Alliance)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:wcproducttable:woocommerce_product_table_lite:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "woocommerce_product_table_lite",
            "vendor": "wcproducttable",
            "versions": [
              {
                "lessThanOrEqual": "3.5.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T13:49:05.562503Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T13:52:23.292Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "wc-product-table-lite",
          "product": "WooCommerce Product Table Lite",
          "vendor": "WC Product Table",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.8.6",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.5.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "stealthcopter (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.\u003cp\u003eThis issue affects WooCommerce Product Table Lite: from n/a through 3.5.1.\u003c/p\u003e"
            }
          ],
          "value": "Improper Control of Generation of Code (\u0027Code Injection\u0027) vulnerability in WC Product Table WooCommerce Product Table Lite allows Code Injection.This issue affects WooCommerce Product Table Lite: from n/a through 3.5.1."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-242",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-242 Code Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:10:08.702Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/wc-product-table-lite/wordpress-woocommerce-product-table-lite-plugin-3-5-1-arbitrary-code-execution-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 3.8.6 or a higher version."
            }
          ],
          "value": "Update to 3.8.6 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress WooCommerce Product Table Lite plugin \u003c= 3.5.1 - Arbitrary Code Execution vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2024-43128",
    "datePublished": "2024-08-13T10:52:04.331Z",
    "dateReserved": "2024-08-07T09:19:02.857Z",
    "dateUpdated": "2026-04-28T16:10:08.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41961 (GCVE-0-2024-41961)

Vulnerability from cvelistv5 – Published: 2024-08-01 14:33 – Updated: 2024-08-07 14:23
VLAI
Title
Elektra vulnerable to remote code execution in universal search
Summary
Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
Impacted products
Vendor Product Version
sapcc elektra Affected: < 8bce00be93b95a6512ff68fe86bf9554e486bc02
Create a notification for this product.
sapcc elektra Affected: 0 , < 8bce00be93b95a6512ff68fe86bf9554e486bc02 (custom)
    cpe:2.3:a:sapcc:elektra:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:sapcc:elektra:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "elektra",
            "vendor": "sapcc",
            "versions": [
              {
                "lessThan": "8bce00be93b95a6512ff68fe86bf9554e486bc02",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T14:22:09.735872Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:23:43.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "elektra",
          "vendor": "sapcc",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8bce00be93b95a6512ff68fe86bf9554e486bc02"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which later flows into an `eval` sink which executes the code. Fixed in commit 8bce00be93b95a6512ff68fe86bf9554e486bc02."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-01T14:33:46.684Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sapcc/elektra/security/advisories/GHSA-6j2h-486h-487q"
        },
        {
          "name": "https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sapcc/elektra/commit/49aea3b365082681558bf3bf7bf4a51766cfc44d"
        },
        {
          "name": "https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sapcc/elektra/commit/8bce00be93b95a6512ff68fe86bf9554e486bc02"
        }
      ],
      "source": {
        "advisory": "GHSA-6j2h-486h-487q",
        "discovery": "UNKNOWN"
      },
      "title": "Elektra vulnerable to remote code execution in universal search"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-41961",
    "datePublished": "2024-08-01T14:33:46.684Z",
    "dateReserved": "2024-07-24T16:51:40.951Z",
    "dateUpdated": "2024-08-07T14:23:43.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41921 (GCVE-0-2024-41921)

Vulnerability from cvelistv5 – Published: 2025-07-17 19:13 – Updated: 2025-07-18 08:05
VLAI
Title
Unsafe use of eval() method in rostopic echo tool
Summary
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'echo' verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
Open Source Robotics Foundation Robot Operating System (ROS) Affected: Noetic Ninjemys
Affected: Melodic Morenia
Affected: Kinetic Kame
Affected: Indigo Igloo
Create a notification for this product.
Credits
Florencia Cabral Berenfus, Ubuntu Robotics Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T20:37:06.242493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T20:37:17.375Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "rostopic"
          ],
          "packageName": "rostopic",
          "platforms": [
            "Linux",
            "Windows",
            "MacOS"
          ],
          "product": "Robot Operating System (ROS)",
          "repo": "https://github.com/ros/ros_comm",
          "vendor": "Open Source Robotics Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Noetic Ninjemys"
            },
            {
              "status": "affected",
              "version": "Melodic Morenia"
            },
            {
              "status": "affected",
              "version": "Kinetic Kame"
            },
            {
              "status": "affected",
              "version": "Indigo Igloo"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Florencia Cabral Berenfus, Ubuntu Robotics Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A code injection vulnerability has been discovered in the Robot Operating System (ROS) \u0027rostopic\u0027 command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the \u0027echo\u0027 verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code."
            }
          ],
          "value": "A code injection vulnerability has been discovered in the Robot Operating System (ROS) \u0027rostopic\u0027 command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the \u0027echo\u0027 verb, which allows a user to introspect a ROS topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-95",
              "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T08:05:08.288Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.ros.org/blog/noetic-eol/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "All ROS (1) versions are EOL, upgrade to a ROS 2 version."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Unsafe use of eval() method in rostopic echo tool"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-41921",
    "datePublished": "2025-07-17T19:13:34.025Z",
    "dateReserved": "2024-08-08T14:41:22.680Z",
    "dateUpdated": "2025-07-18T08:05:08.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41667 (GCVE-0-2024-41667)

Vulnerability from cvelistv5 – Published: 2024-07-24 17:29 – Updated: 2024-08-06 19:35
VLAI
Title
OpenAM FreeMarker template injection
Summary
OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default OpenAM login, they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
OpenIdentityPlatform OpenAM Affected: < 15.0.4
Create a notification for this product.
openidentityplatform openam Affected: 0 , < 15.0.4 (custom)
    cpe:2.3:a:openidentityplatform:openam:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openidentityplatform:openam:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openam",
            "vendor": "openidentityplatform",
            "versions": [
              {
                "lessThan": "15.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41667",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T17:25:50.314189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T17:26:24.723Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v"
          },
          {
            "name": "https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenAM",
          "vendor": "OpenIdentityPlatform",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 15.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginUrlTemplate` method in RealmOAuth2ProviderSettings.java is vulnerable to template injection due to its usage of user input. Although the developer intended to implement a custom URL for handling login to override the default OpenAM login, they did not restrict the `CustomLoginUrlTemplate`, allowing it to be set freely. Commit fcb8432aa77d5b2e147624fe954cb150c568e0b8 introduces `TemplateClassResolver.SAFER_RESOLVER` to disable the resolution of commonly exploited classes in FreeMarker template injection. As of time of publication, this fix is expected to be part of version 15.0.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-06T19:35:10.420Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-7726-43hg-m23v"
        },
        {
          "name": "https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenIdentityPlatform/OpenAM/commit/fcb8432aa77d5b2e147624fe954cb150c568e0b8"
        }
      ],
      "source": {
        "advisory": "GHSA-7726-43hg-m23v",
        "discovery": "UNKNOWN"
      },
      "title": "OpenAM FreeMarker template injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-41667",
    "datePublished": "2024-07-24T17:29:58.564Z",
    "dateReserved": "2024-07-18T15:21:47.485Z",
    "dateUpdated": "2024-08-06T19:35:10.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41148 (GCVE-0-2024-41148)

Vulnerability from cvelistv5 – Published: 2025-07-17 19:12 – Updated: 2025-07-18 08:04
VLAI
Title
Unsafe use of eval() method in rostopic hz tool
Summary
A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the 'hz' verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
Open Source Robotics Foundation Robot Operating System (ROS) Affected: Noetic Ninjemys
Affected: Melodic Morenia
Affected: Kinetic Kame
Affected: Indigo Igloo
Create a notification for this product.
Credits
Florencia Cabral Berenfus, Ubuntu Robotics Team
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T20:36:47.021797Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T20:36:53.477Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "rostopic"
          ],
          "packageName": "rostopic",
          "platforms": [
            "Linux",
            "Windows",
            "MacOS"
          ],
          "product": "Robot Operating System (ROS)",
          "repo": "https://github.com/ros/ros_comm",
          "vendor": "Open Source Robotics Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Noetic Ninjemys"
            },
            {
              "status": "affected",
              "version": "Melodic Morenia"
            },
            {
              "status": "affected",
              "version": "Kinetic Kame"
            },
            {
              "status": "affected",
              "version": "Indigo Igloo"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Florencia Cabral Berenfus, Ubuntu Robotics Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A code injection vulnerability has been discovered in the Robot Operating System (ROS) \u0027rostopic\u0027 command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the \u0027hz\u0027 verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code."
            }
          ],
          "value": "A code injection vulnerability has been discovered in the Robot Operating System (ROS) \u0027rostopic\u0027 command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the \u0027hz\u0027 verb, which reports the publishing rate of a topic and accepts a user-provided Python expression via the --filter option. This input is passed directly to the eval() function without sanitization, allowing a local user to craft and execute arbitrary code."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-586",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-586 Object Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-95",
              "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T08:04:55.109Z",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "tags": [
            "product"
          ],
          "url": "https://www.ros.org/blog/noetic-eol/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "All ROS (1) versions are EOL, upgrade to a ROS 2 version."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Unsafe use of eval() method in rostopic hz tool"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2024-41148",
    "datePublished": "2025-07-17T19:12:54.440Z",
    "dateReserved": "2024-08-01T12:00:12.200Z",
    "dateUpdated": "2025-07-18T08:04:55.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39915 (GCVE-0-2024-39915)

Vulnerability from cvelistv5 – Published: 2024-07-15 19:33 – Updated: 2024-08-02 04:33
VLAI
Title
Authenticated remote code execution in Thruk
Summary
Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application does not properly process the url parameter when generating a PDF report. An authorized attacker with access to the reporting functionality could inject arbitrary commands that would be executed when the script /script/html2pdf.sh is called. The vulnerability can be exploited by an authorized user with network access. This issue has been addressed in version 3.16. Users are advised to upgrade. There are no known workarounds for this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
Vendor Product Version
sni Thruk Affected: < 3.16
Create a notification for this product.
thruk thruk Affected: 0 , < 3.16 (custom)
    cpe:2.3:a:thruk:thruk:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:thruk:thruk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "thruk",
            "vendor": "thruk",
            "versions": [
              {
                "lessThan": "3.16",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39915",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T17:45:16.196494Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T17:46:13.046Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:33:11.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/sni/Thruk/security/advisories/GHSA-r7gx-h738-4w6f",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/sni/Thruk/security/advisories/GHSA-r7gx-h738-4w6f"
          },
          {
            "name": "https://github.com/sni/Thruk/commit/7e7eb251e76718a07639c4781f0d959d817f173b",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sni/Thruk/commit/7e7eb251e76718a07639c4781f0d959d817f173b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Thruk",
          "vendor": "sni",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.16"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application does not properly process the url parameter when generating a PDF report. An authorized attacker with access to the reporting functionality could inject arbitrary commands that would be executed when the script /script/html2pdf.sh is called. The vulnerability can be exploited by an authorized user with network access. This issue has been addressed in version 3.16. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-15T19:33:13.649Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/sni/Thruk/security/advisories/GHSA-r7gx-h738-4w6f",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/sni/Thruk/security/advisories/GHSA-r7gx-h738-4w6f"
        },
        {
          "name": "https://github.com/sni/Thruk/commit/7e7eb251e76718a07639c4781f0d959d817f173b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sni/Thruk/commit/7e7eb251e76718a07639c4781f0d959d817f173b"
        }
      ],
      "source": {
        "advisory": "GHSA-r7gx-h738-4w6f",
        "discovery": "UNKNOWN"
      },
      "title": "Authenticated remote code execution in Thruk"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-39915",
    "datePublished": "2024-07-15T19:33:13.649Z",
    "dateReserved": "2024-07-02T19:37:18.602Z",
    "dateUpdated": "2024-08-02T04:33:11.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39877 (GCVE-0-2024-39877)

Vulnerability from cvelistv5 – Published: 2024-07-17 07:54 – Updated: 2024-09-13 17:05
VLAI
Title
Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
Summary
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
  • CWE-277 - Insecure Inherited Permissions
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Airflow Affected: 2.4.0 , < 2.9.3 (semver)
Create a notification for this product.
apache airflow Affected: 2.4.0 , < 2.9.3 (semver)
    cpe:2.3:a:apache:airflow:2.4.0:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Seokchan Yoon (https://github.com/ch4n3-yoon) Wei Lee
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:airflow:2.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "airflow",
            "vendor": "apache",
            "versions": [
              {
                "lessThan": "2.9.3",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39877",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-277",
                "description": "CWE-277 Insecure Inherited Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:55:22.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-13T17:05:04.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/apache/airflow/pull/40522"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/07/16/7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "apache-airflow",
          "product": "Apache Airflow",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.9.3",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Seokchan Yoon (https://github.com/ch4n3-yoon)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Wei Lee"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability."
            }
          ],
          "value": "Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-17T07:54:24.338Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/airflow/pull/40522"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-39877",
    "datePublished": "2024-07-17T07:54:24.338Z",
    "dateReserved": "2024-07-01T16:18:42.845Z",
    "dateUpdated": "2024-09-13T17:05:04.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Strategy: Refactoring

Refactor your program so that you do not have to dynamically generate code.

Mitigation
Architecture and Design
  • Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
  • Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
  • This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
  • Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Testing

Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.

Mitigation MIT-32
Operation

Strategy: Compilation or Build Hardening

Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Mitigation MIT-32
Operation

Strategy: Environment Hardening

Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).

Mitigation
Implementation

For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].

CAPEC-242: Code Injection

An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.

CAPEC-35: Leverage Executable Code in Non-Executable Files

An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.