Search criteria
3 vulnerabilities found for mguard_rs2000_tx\/tx-b_firmware by phoenixcontact
FKIE_CVE-2018-5441
Vulnerability from fkie_nvd - Published: 2018-01-30 20:29 - Updated: 2024-11-21 04:08
Severity ?
Summary
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/102907 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://cert.vde.com/en-us/advisories/vde-2018-001 | Patch, Third Party Advisory | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102907 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en-us/advisories/vde-2018-001 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_centerport_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6005AE8C-7CB3-41FA-9ECB-9C9037B48893",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_centerport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "324613AE-C9FA-47FA-8FB1-E76134C7CBED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A6BEE0-43D0-4A12-9C3A-116984C4DEB4",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_delta_tx\\/tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59B2643C-0EC5-4AD5-B535-C2222E7AE406",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D71D1E8-F9B2-44C9-B15A-0C42C18F25A7",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_delta_tx\\/tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B6CE71E-5CDF-45F6-AD09-B03A750250C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D32CBD-BF58-4CC6-A325-A7A3508D8656",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_gt\\/gt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C1E4D97-BCEC-4F1D-8B40-B24B1ECA439E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "718DC9CE-3519-4733-801C-17A882185CAF",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_gt\\/gt_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92A92F7A-EE80-4323-825C-27E9089CA633",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "797F0C72-8189-4EC5-BBF0-07E266446AA7",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_pci4000_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8220FE6A-E74D-4FFC-82BA-22F3016F146C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C60E7710-91B8-4B15-A16B-9F6668195F85",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_pcie4000_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A3F679-0067-471F-B46B-CDB16089E93C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE290F1-F7D4-46D1-AE4F-377BC5D212D9",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_tx\\/tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DDD6DBE-D9B1-415D-8284-1BE8D786ED24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3985BB8B-EB08-47EE-B34D-1FA86B4411F5",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_tx\\/tx-b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F50ABE1-5FAB-426C-8F16-95A9E52FFBC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60530BD0-E190-4C01-92BB-12F048C46758",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2005_tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F31A6108-2E06-43F7-AB8A-4D1A76D8ADEF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C67B81A-CE29-43B4-994E-ED4AF3C14457",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB26D7E-DE57-486E-965A-7B018B9ED58B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ED72FD3-7A3B-4102-9B96-465EBEF93914",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5193E597-3C65-49F6-BBE2-C164F89AB188",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_vpn-m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F541618-C97E-4DA2-AB39-7AEE81D00574",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx_vpn-m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4566E57B-1E44-425E-8D88-36C1201A9E5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D226957-05AF-4DDA-8C8D-CC2E956196EF",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3E45AC-5FD2-457E-A004-6C07CEDAD306",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "041DD89B-AF3A-4EE7-B3DC-0DA007262ECC",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4004_tx\\/dtx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFE74BB-0167-4484-AE87-F17A55829844",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "038962DC-3D92-44B7-A003-38B34E0ACB94",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4004_tx\\/dtx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4473C338-9A25-4FD5-8736-4072D0FA265E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_smart2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C65B2C-DCDF-4822-B2EC-0ACE339FB821",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_smart2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B2EDFA2-FE87-4B6E-8380-AD6F66A3EA09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "065D3E69-85D2-4193-9F45-6AEF09B9AA99",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_smart2_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2799FB2-FA17-4C7F-91B7-F6A06055E657",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA40CB1-6FDB-47C2-BA72-69B9C90B3797",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_3g_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02D3A13E-0C0D-4073-AE22-5D96F43B3B81",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "392CB8FC-CCBD-48D4-97D8-8B532864BBFF",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_3g_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA558DA-2590-42B0-BFE8-BCC590B6E9AC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE9BBFB-FA4D-4368-978A-974784B05884",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_core_tx_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F4B73EB-D000-4BD9-BEA2-AAC6A01600FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F21C1837-5C64-43E6-AEDC-29B6D44C4EEA",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_4g_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E805FC49-F621-4552-B5F7-BEF2C9CE4CEC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3125CAB7-ECEA-4FB7-9B2A-F2C25F29EE03",
"versionEndIncluding": "8.6.0",
"versionStartIncluding": "7.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_4g_vpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34CB4439-3EEA-40A1-A2AE-3594A8DB7AA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
},
{
"lang": "es",
"value": "Se ha descubierto un problema de validaci\u00f3n indebida de valores de comprobaci\u00f3n de integridad en PHOENIX CONTACT mGuard, en versiones de firmware 7.2 a 8.6.0. Los dispositivos mGuard dependen de sumas de verificaci\u00f3n internas para verificar la integridad interna de los paquetes de actualizaci\u00f3n. La verificaci\u00f3n podr\u00eda no realizarse siempre correctamente, lo que permite que un atacante modifique paquetes de actualizaci\u00f3n de firmware."
}
],
"id": "CVE-2018-5441",
"lastModified": "2024-11-21T04:08:48.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-30T20:29:00.457",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-5441 (GCVE-0-2018-5441)
Vulnerability from cvelistv5 – Published: 2018-01-30 20:00 – Updated: 2024-08-05 05:33
VLAI?
Summary
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PHOENIX CONTACT mGuard |
Affected:
PHOENIX CONTACT mGuard
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102907",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHOENIX CONTACT mGuard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PHOENIX CONTACT mGuard"
}
]
}
],
"datePublic": "2018-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-16T13:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "102907",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHOENIX CONTACT mGuard",
"version": {
"version_data": [
{
"version_value": "PHOENIX CONTACT mGuard"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102907"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-001",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5441",
"datePublished": "2018-01-30T20:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5441 (GCVE-0-2018-5441)
Vulnerability from nvd – Published: 2018-01-30 20:00 – Updated: 2024-08-05 05:33
VLAI?
Summary
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | PHOENIX CONTACT mGuard |
Affected:
PHOENIX CONTACT mGuard
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102907",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PHOENIX CONTACT mGuard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "PHOENIX CONTACT mGuard"
}
]
}
],
"datePublic": "2018-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-16T13:57:02",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "102907",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102907"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-5441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PHOENIX CONTACT mGuard",
"version": {
"version_data": [
{
"version_value": "PHOENIX CONTACT mGuard"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-354"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102907"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2018-001",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-5441",
"datePublished": "2018-01-30T20:00:00",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-08-05T05:33:44.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}