CVE-2024-43384
Root Password Exposure in Firmware via Information Leak
Publication date: 2026-05-07
Last updated on: 2026-05-11
Assigner: CERT VDE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phoenixcontact | fl_mguard_2102_firmware | to 10.4.1 (exc) |
| phoenixcontact | fl_mguard_2105_firmware | to 10.4.1 (exc) |
| phoenixcontact | fl_mguard_4102_pci_firmware | to 10.4.1 (exc) |
| phoenixcontact | fl_mguard_4102_pcie_firmware | to 10.4.1 (exc) |
| phoenixcontact | fl_mguard_4302_firmware | to 10.4.1 (exc) |
| phoenixcontact | fl_mguard_4305_firmware | to 10.4.1 (exc) |
| phoenixcontact | fl_mguard_centerport_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_centerport_vpn-1000_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_core_tx_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_core_tx_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_delta_tx/tx_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_delta_tx/tx_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_gt/gt_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_gt/gt_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_pci4000_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_pci4000_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_pcie4000_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_pcie4000_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs2000_tx/tx_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs2000_tx/tx-b_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs2005_tx_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs4000_tx/tx_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs4000_tx/tx_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs4000_tx/tx-m_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs4000_tx/tx-p_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs4004_tx/dtx_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_rs4004_tx/dtx_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_smart2_firmware | to 8.9.3 (exc) |
| phoenixcontact | fl_mguard_smart2_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | tc_mguard_rs2000_3g_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | tc_mguard_rs2000_4g_att_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | tc_mguard_rs2000_4g_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | tc_mguard_rs2000_4g_vzw_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | tc_mguard_rs4000_3g_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | tc_mguard_rs4000_4g_att_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | tc_mguard_rs4000_4g_vpn_firmware | to 8.9.3 (exc) |
| phoenixcontact | tc_mguard_rs4000_4g_vzw_vpn_firmware | to 8.9.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-212 | The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-43384 is a vulnerability in Phoenix Contact mGuard devices where a low-privileged remote attacker can obtain the root password. This happens because sensitive information is not properly removed before it is stored or transferred, allowing unauthorized access to critical credentials.
How can this vulnerability impact me? :
This vulnerability can have a severe impact as it allows a low-privileged remote attacker to gain root access to affected devices. With root access, the attacker can fully control the device, potentially leading to data breaches, disruption of services, and unauthorized changes to system configurations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the firmware of affected Phoenix Contact mGuard devices to the fixed versions.
- Upgrade to firmware version 8.9.3 or later for applicable models.
- Upgrade to firmware version 10.4.1 or later for other applicable models.
These updates address the improper removal of sensitive information that allows a low-privileged remote attacker to obtain the root password.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows a low privileged remote attacker to gain the root password due to improper removal of sensitive information before storage or transfer. Such unauthorized access to sensitive credentials can lead to data breaches and unauthorized system control.
Consequently, this can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive information and proper access controls to prevent unauthorized disclosure or access.