Vulnerabilites related to phoenixcontact - mguard_rs2005_tx_vpn
Vulnerability from fkie_nvd
Published
2018-01-30 20:29
Modified
2024-11-21 04:08
Severity ?
Summary
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/102907 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://cert.vde.com/en-us/advisories/vde-2018-001 | Patch, Third Party Advisory | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102907 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2018-001 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_centerport_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6005AE8C-7CB3-41FA-9ECB-9C9037B48893",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_centerport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324613AE-C9FA-47FA-8FB1-E76134C7CBED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A6BEE0-43D0-4A12-9C3A-116984C4DEB4",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_delta_tx\\/tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B2643C-0EC5-4AD5-B535-C2222E7AE406",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D71D1E8-F9B2-44C9-B15A-0C42C18F25A7",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_delta_tx\\/tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CE71E-5CDF-45F6-AD09-B03A750250C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D32CBD-BF58-4CC6-A325-A7A3508D8656",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_gt\\/gt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E4D97-BCEC-4F1D-8B40-B24B1ECA439E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "718DC9CE-3519-4733-801C-17A882185CAF",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_gt\\/gt_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92A92F7A-EE80-4323-825C-27E9089CA633",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797F0C72-8189-4EC5-BBF0-07E266446AA7",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_pci4000_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8220FE6A-E74D-4FFC-82BA-22F3016F146C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C60E7710-91B8-4B15-A16B-9F6668195F85",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_pcie4000_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A3F679-0067-471F-B46B-CDB16089E93C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE290F1-F7D4-46D1-AE4F-377BC5D212D9",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_tx\\/tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDD6DBE-D9B1-415D-8284-1BE8D786ED24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3985BB8B-EB08-47EE-B34D-1FA86B4411F5",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_tx\\/tx-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F50ABE1-5FAB-426C-8F16-95A9E52FFBC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60530BD0-E190-4C01-92BB-12F048C46758",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2005_tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F31A6108-2E06-43F7-AB8A-4D1A76D8ADEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C67B81A-CE29-43B4-994E-ED4AF3C14457",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB26D7E-DE57-486E-965A-7B018B9ED58B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED72FD3-7A3B-4102-9B96-465EBEF93914",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5193E597-3C65-49F6-BBE2-C164F89AB188",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_vpn-m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F541618-C97E-4DA2-AB39-7AEE81D00574",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx_vpn-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4566E57B-1E44-425E-8D88-36C1201A9E5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D226957-05AF-4DDA-8C8D-CC2E956196EF",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3E45AC-5FD2-457E-A004-6C07CEDAD306",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041DD89B-AF3A-4EE7-B3DC-0DA007262ECC",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4004_tx\\/dtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFE74BB-0167-4484-AE87-F17A55829844",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "038962DC-3D92-44B7-A003-38B34E0ACB94",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4004_tx\\/dtx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4473C338-9A25-4FD5-8736-4072D0FA265E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_smart2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C65B2C-DCDF-4822-B2EC-0ACE339FB821",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_smart2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2EDFA2-FE87-4B6E-8380-AD6F66A3EA09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065D3E69-85D2-4193-9F45-6AEF09B9AA99",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_smart2_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2799FB2-FA17-4C7F-91B7-F6A06055E657",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA40CB1-6FDB-47C2-BA72-69B9C90B3797",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_3g_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02D3A13E-0C0D-4073-AE22-5D96F43B3B81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "392CB8FC-CCBD-48D4-97D8-8B532864BBFF",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_3g_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA558DA-2590-42B0-BFE8-BCC590B6E9AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE9BBFB-FA4D-4368-978A-974784B05884",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_core_tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4B73EB-D000-4BD9-BEA2-AAC6A01600FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21C1837-5C64-43E6-AEDC-29B6D44C4EEA",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_4g_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E805FC49-F621-4552-B5F7-BEF2C9CE4CEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3125CAB7-ECEA-4FB7-9B2A-F2C25F29EE03",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_4g_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CB4439-3EEA-40A1-A2AE-3594A8DB7AA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de validaci\u00f3n indebida de valores de comprobaci\u00f3n de integridad en PHOENIX CONTACT mGuard, en versiones de firmware 7.2 a 8.6.0. Los dispositivos mGuard dependen de sumas de verificaci\u00f3n internas para verificar la integridad interna de los paquetes de actualizaci\u00f3n. La verificaci\u00f3n podr\u00eda no realizarse siempre correctamente, lo que permite que un atacante modifique paquetes de actualizaci\u00f3n de firmware."
}
],
"id": "CVE-2018-5441",
"lastModified": "2024-11-21T04:08:48.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-30T20:29:00.457",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-5441 (GCVE-0-2018-5441)
Vulnerability from cvelistv5
Published
2018-01-30 20:00
Modified
2024-08-05 05:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PHOENIX CONTACT mGuard |
Version: PHOENIX CONTACT mGuard |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102907",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHOENIX CONTACT mGuard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PHOENIX CONTACT mGuard"
}
]
}
],
"datePublic": "2018-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-16T13:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "102907",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHOENIX CONTACT mGuard",
"version": {
"version_data": [
{
"version_value": "PHOENIX CONTACT mGuard"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102907"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-001",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5441",
"datePublished": "2018-01-30T20:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}