Phoenix Contact Clears mGuard Hole

Tuesday, January 30, 2018 @ 03:01 PM gHale


Phoenix Contact released new firmware to mitigate an improper validation of integrity check value in its mGuard network device, according to a report with ICS-CERT.

A network device, mGuard firmware versions 7.2 to 8.6.0 suffer from the vulnerability.

Successful exploitation of this vulnerability, which Phoenix Contact self-reported, could allow for an attacker to modify firmware update packages.

RELATED STORIES
ICS Spectre, Meltdown Update
Siemens Updates its Desigo PXC Line
Holes in Nari’s PCS-9611
Siemens Clears Hole in Industrial Products

No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. However, an attacker with low skill level could leverage the vulnerability.

mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.

CVE-2017-5441 is the case number assigned to this vulnerability, which had a CVSS v3 base score of 7.8.

The product sees use mainly in the communications, critical manufacturing and information technology sectors. It also sees action on a global basis.

Germany-based Phoenix Contact recommends affected users upgrade to firmware version 8.6.1:
MGUARD CENTERPORT
MGUARD DELTA TX/TX
MGUARD DELTA TX/TX VPN
MGUARD GT/GT
MGUARD GT/GT VPN
MGUARD PCI4000 VPN
MGUARD PCIE4000 VPN
MGUARD RS2000 TX/TX VPN
MGUARD RS2000 TX/TX-B
MGUARD RS2005 TX VPN
MGUARD RS4000 TX/TX
MGUARD RS4000 TX/TX VPN
MGUARD RS4000 TX/TX VPN-M
MGUARD RS4000 TX/TX-P
MGUARD RS4004 TX/DTX
MGUARD RS4004 TX/DTX VPN
MGUARD SMART2
MGUARD SMART2 VPN
MGUARD RS2000 3G VPN
MGUARD RS4000 3G VPN
MGUARD CORE TX VPN
MGUARD RS2000 4G VPN
MGUARD RS4000 4G VPN



Leave a Reply

You must be logged in to post a comment.