Phoenix Contact GmbH released new firmware to mitigate resource exhaustion and improper authentication vulnerabilities in its mGuard network device, according to a report from ICS-CERT.

The remotely exploitable vulnerabilities, which Phoenix Contact self-reported, affect mGuard firmware versions 8.3.0 to 8.4.2.

Successful exploitation of these vulnerabilities could allow an attacker to disrupt the availability of the device and gain unauthorized access to the device.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level would be able to leverage the vulnerabilities.

In the resource exhaustion issue, an attacker may compromise the device’s availability by performing multiple initial VPN requests.

CVE-2017-7935 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.6.

In the improper authentication vulnerability, an attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.

CVE-2017-7937 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.0.

The product is used mainly in the critical manufacturing sector and is deployed on a global basis.

Germany-based Phoenix Contact GmbH recommends users upgrade to firmware Version 8.5.0, or higher, to mitigate the vulnerabilities.
