cnvd - cnvd-2018-02344

CNVD-2018-02344

Vulnerability from cnvd - Published: 2018-01-31

Title

PHOENIX CONTACT mGuard未授权修改漏洞

Description

Phoenix Contact mGuard是Phoenix Contact的一款保护系统的未授权访问和安装的安全设备。 PHOENIX CONTACT mGuard存在未授权修改漏洞，mGuard设备依靠内部校验更新包完整性，由于验证无法始终正确执行，导致攻击者可利用漏洞修改固件更新包。

Severity

高

Patch Name

PHOENIX CONTACT mGuard未授权修改漏洞的补丁

Patch Description

Phoenix Contact mGuard是Phoenix Contact的一款保护系统的未授权访问和安装的安全设备。 PHOENIX CONTACT mGuard存在未授权修改漏洞，mGuard设备依靠内部校验更新包完整性，由于验证无法始终正确执行，导致攻击者可利用漏洞修改固件更新包。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： http://www.phoenixcontact.net/qr/2702547/firmware_update

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01

Impacted products

Name
PHOENIX CONTACT mGuard >=7.2，<=8.6.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-5441"
    }
  },
  "description": "Phoenix Contact mGuard\u662fPhoenix Contact\u7684\u4e00\u6b3e\u4fdd\u62a4\u7cfb\u7edf\u7684\u672a\u6388\u6743\u8bbf\u95ee\u548c\u5b89\u88c5\u7684\u5b89\u5168\u8bbe\u5907\u3002 \r\n\r\nPHOENIX CONTACT mGuard\u5b58\u5728\u672a\u6388\u6743\u4fee\u6539\u6f0f\u6d1e\uff0cmGuard\u8bbe\u5907\u4f9d\u9760\u5185\u90e8\u6821\u9a8c\u66f4\u65b0\u5305\u5b8c\u6574\u6027\uff0c\u7531\u4e8e\u9a8c\u8bc1\u65e0\u6cd5\u59cb\u7ec8\u6b63\u786e\u6267\u884c\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4fee\u6539\u56fa\u4ef6\u66f4\u65b0\u5305\u3002",
  "discovererName": "PHOENIX CONTACT",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.phoenixcontact.net/qr/2702547/firmware_update",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-02344",
  "openTime": "2018-01-31",
  "patchDescription": "Phoenix Contact mGuard\u662fPhoenix Contact\u7684\u4e00\u6b3e\u4fdd\u62a4\u7cfb\u7edf\u7684\u672a\u6388\u6743\u8bbf\u95ee\u548c\u5b89\u88c5\u7684\u5b89\u5168\u8bbe\u5907\u3002 \r\n\r\nPHOENIX CONTACT mGuard\u5b58\u5728\u672a\u6388\u6743\u4fee\u6539\u6f0f\u6d1e\uff0cmGuard\u8bbe\u5907\u4f9d\u9760\u5185\u90e8\u6821\u9a8c\u66f4\u65b0\u5305\u5b8c\u6574\u6027\uff0c\u7531\u4e8e\u9a8c\u8bc1\u65e0\u6cd5\u59cb\u7ec8\u6b63\u786e\u6267\u884c\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4fee\u6539\u56fa\u4ef6\u66f4\u65b0\u5305\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "PHOENIX CONTACT mGuard\u672a\u6388\u6743\u4fee\u6539\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "PHOENIX CONTACT mGuard \u003e=7.2\uff0c\u003c=8.6.0"
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01",
  "serverity": "\u9ad8",
  "submitTime": "2018-01-31",
  "title": "PHOENIX CONTACT mGuard\u672a\u6388\u6743\u4fee\u6539\u6f0f\u6d1e"
}

CVE-2018-5441 (GCVE-0-2018-5441)

Vulnerability from cvelistv5 – Published: 2018-01-30 20:00 – Updated: 2024-08-05 05:33

Summary

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.

Severity ?

No CVSS data available.

CWE

CWE-354

Assigner

icscert

References

URL

Tags

	http://www.securityfocus.com/bid/102907	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01	x_refsource_MISC
	https://cert.vde.com/en-us/advisories/vde-2018-001	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	PHOENIX CONTACT mGuard	Affected: PHOENIX CONTACT mGuard

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "102907",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102907"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHOENIX CONTACT mGuard",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PHOENIX CONTACT mGuard"
            }
          ]
        }
      ],
      "datePublic": "2018-01-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-354",
              "description": "CWE-354",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-16T13:57:02",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "name": "102907",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102907"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-5441",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHOENIX CONTACT mGuard",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "PHOENIX CONTACT mGuard"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-354"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "102907",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102907"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2018-001",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2018-001"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-5441",
    "datePublished": "2018-01-30T20:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-02344

CVE-2018-5441 (GCVE-0-2018-5441)

Tags

Sightings

Nomenclature