Search criteria
4 vulnerabilities by Innominate
CVE-2020-12523 (GCVE-0-2020-12523)
Vulnerability from cvelistv5 – Published: 2020-12-17 22:43 – Updated: 2024-09-16 19:04
VLAI?
Summary
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource
Severity ?
5.4 (Medium)
CWE
- CWE-909 - Missing Initialization of Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix Contact | TC MGUARD RS4000 4G VZW VPN (1010461) |
Affected:
unspecified , < 8.8.3
(custom)
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
Credits
Discovered by SMST Designers & Constructors B.V., Phoenix Contact reported to CERT@VDE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TC MGUARD RS4000 4G VZW VPN (1010461)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TC MGUARD RS4000 4G ATT VPN (1010463)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "FL MGUARD RS4004 TX/DTX (2701876)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "FL MGUARD RS4004 TX/DTX VPN (2701877)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TC MGUARD RS4000 3G VPN (2903440)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TC MGUARD RS4000 4G VPN (2903586)",
"vendor": "Phoenix Contact",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Innominate mGuard rs4000 4TX/TX",
"vendor": "Innominate",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Innominate mGuard rs4000 4TX/TX VPN",
"vendor": "Innominate",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Innominate mGuard rs4000 4TX/3G/TX VPN",
"vendor": "Innominate",
"versions": [
{
"lessThan": "8.8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by SMST Designers \u0026 Constructors B.V., Phoenix Contact reported to CERT@VDE"
}
],
"datePublic": "2020-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-909",
"description": "CWE-909 Missing Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-17T22:43:14",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
}
],
"solutions": [
{
"lang": "en",
"value": "PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3."
}
],
"source": {
"advisory": "VDE-2020-046",
"defect": [
"VDE-2020-046"
],
"discovery": "EXTERNAL"
},
"title": "Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration",
"workarounds": [
{
"lang": "en",
"value": "Instead of deactivating by configuration, network cables should be detached from affected switch ports."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2020-12-17T09:00:00.000Z",
"ID": "CVE-2020-12523",
"STATE": "PUBLIC",
"TITLE": "Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TC MGUARD RS4000 4G VZW VPN (1010461)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "TC MGUARD RS4000 4G ATT VPN (1010463)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "FL MGUARD RS4004 TX/DTX (2701876)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "FL MGUARD RS4004 TX/DTX VPN (2701877)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "TC MGUARD RS4000 3G VPN (2903440)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "TC MGUARD RS4000 4G VPN (2903586)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
}
]
},
"vendor_name": "Phoenix Contact"
},
{
"product": {
"product_data": [
{
"product_name": "Innominate mGuard rs4000 4TX/TX",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "Innominate mGuard rs4000 4TX/TX VPN",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
},
{
"product_name": "Innominate mGuard rs4000 4TX/3G/TX VPN",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "",
"version_value": "8.8.3"
}
]
}
}
]
},
"vendor_name": "Innominate"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Discovered by SMST Designers \u0026 Constructors B.V., Phoenix Contact reported to CERT@VDE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource"
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-909 Missing Initialization of Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en-us/advisories/vde-2020-046",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2020-046"
}
]
},
"solution": [
{
"lang": "en",
"value": "PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3."
}
],
"source": {
"advisory": "VDE-2020-046",
"defect": [
"VDE-2020-046"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Instead of deactivating by configuration, network cables should be detached from affected switch ports."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12523",
"datePublished": "2020-12-17T22:43:14.788183Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T19:04:46.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3966 (GCVE-0-2015-3966)
Vulnerability from cvelistv5 – Published: 2015-08-30 14:00 – Updated: 2024-08-06 06:04
VLAI?
Summary
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:04:02.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-08-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-30T14:57:03",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-3966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf",
"refsource": "CONFIRM",
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20150714_001_en.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-3966",
"datePublished": "2015-08-30T14:00:00",
"dateReserved": "2015-05-12T00:00:00",
"dateUpdated": "2024-08-06T06:04:02.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9193 (GCVE-0-2014-9193)
Vulnerability from cvelistv5 – Published: 2014-12-20 00:00 – Updated: 2025-07-28 20:35
VLAI?
Summary
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Innominate | mGuard |
Affected:
0 , ≤ 8.1.3
(custom)
Unaffected: 7.6.6 Unaffected: 8.1.4 |
Credits
Innominate Security Technologies has identified a privilege escalation vulnerability affecting all mGuard devices.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mGuard",
"vendor": "Innominate",
"versions": [
{
"lessThanOrEqual": "8.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.6.6"
},
{
"status": "unaffected",
"version": "8.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Innominate Security Technologies has identified a privilege escalation vulnerability affecting all mGuard devices."
}
],
"datePublic": "2014-12-17T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInnominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.\u003c/p\u003e"
}
],
"value": "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:35:16.302Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-352-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInnominate has released firmware patches Version 7.6.6 and Version \n8.1.4 that mitigates the vulnerability in the mGuard firmware Version 7 \nand Version 8, respectively. Innominate recommends that customers using \nfirmware versions older than Version 7, which are no longer being \nmaintained, should upgrade to mGuard firmware Version 7.6.6 or Version \n8.1.4. Innominate also recommends that customers limit access to the \nadministrative interfaces to a minimum via firewall rules.\u003c/p\u003e\n\u003cp\u003eFor additional information on the vulnerability, Innominate\u2019s security advisory is available on its web site at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.innominate.com/en/downloads/security-advisories\"\u003ehttp://www.innominate.com/en/downloads/security-advisories\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eInnominate\u2019s firmware updates are available on its web site at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.innominate.com/en/downloads/updates\"\u003ehttp://www.innominate.com/en/downloads/updates\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Innominate has released firmware patches Version 7.6.6 and Version \n8.1.4 that mitigates the vulnerability in the mGuard firmware Version 7 \nand Version 8, respectively. Innominate recommends that customers using \nfirmware versions older than Version 7, which are no longer being \nmaintained, should upgrade to mGuard firmware Version 7.6.6 or Version \n8.1.4. Innominate also recommends that customers limit access to the \nadministrative interfaces to a minimum via firewall rules.\n\n\nFor additional information on the vulnerability, Innominate\u2019s security advisory is available on its web site at:\n\n http://www.innominate.com/en/downloads/security-advisories \n\n\nInnominate\u2019s firmware updates are available on its web site at:\n\n http://www.innominate.com/en/downloads/updates"
}
],
"source": {
"advisory": "ICSA-14-352-02",
"discovery": "INTERNAL"
},
"title": "Innominate mGuard Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf",
"refsource": "CONFIRM",
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9193",
"datePublished": "2014-12-20T00:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2025-07-28T20:35:16.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2356 (GCVE-0-2014-2356)
Vulnerability from cvelistv5 – Published: 2014-07-30 14:00 – Updated: 2025-10-03 17:08
VLAI?
Summary
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Innominate | mGuard |
Affected:
4.0.0 , ≤ 8.0.2
(custom)
Unaffected: 7.6.4 Unaffected: 8.0.3 Unaffected: 8.1.0 Unaffected: 8.1.1 |
Credits
Applied Risk Research team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mGuard",
"vendor": "Innominate",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.6.4"
},
{
"status": "unaffected",
"version": "8.0.3"
},
{
"status": "unaffected",
"version": "8.1.0"
},
{
"status": "unaffected",
"version": "8.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Applied Risk Research team"
}
],
"datePublic": "2014-07-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInnominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.\u003c/p\u003e"
}
],
"value": "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T17:08:22.828Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-189-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAll users of affected Innominate mGuard devices may either update to \none of the following firmware versions: 7.6.4, 8.0.3, 8.1.0, 8.1.1, or \nhigher, or use the hotfix-CVE-2014-2356.tar.gz patch-update to fix their\n systems without updating any other component.\u003c/p\u003e\n\u003cp\u003eThe patch can be applied by either uploading the patch-update as \n\u201cLocal Update\u201d or by the \u201cOnline Update\u201d functionality and using \nhotfix-CVE-2014-2356 as \u201cPackage set name.\u201d In addition, Innominate \nrecommends limiting access to the administrative interfaces via firewall\n rules to the minimum necessary.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "All users of affected Innominate mGuard devices may either update to \none of the following firmware versions: 7.6.4, 8.0.3, 8.1.0, 8.1.1, or \nhigher, or use the hotfix-CVE-2014-2356.tar.gz patch-update to fix their\n systems without updating any other component.\n\n\nThe patch can be applied by either uploading the patch-update as \n\u201cLocal Update\u201d or by the \u201cOnline Update\u201d functionality and using \nhotfix-CVE-2014-2356 as \u201cPackage set name.\u201d In addition, Innominate \nrecommends limiting access to the administrative interfaces via firewall\n rules to the minimum necessary."
}
],
"source": {
"advisory": "ICSA-14-189-02",
"discovery": "EXTERNAL"
},
"title": "Innominate mGuard Exposure of Sensitive Information to an Unauthorized Actor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2356",
"datePublished": "2014-07-30T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-03T17:08:22.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}