VDE-2020-046

Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2020-12-17 09:01 - Updated: 2025-05-14 12:28
Summary
PHOENIX CONTACT: mGuard <8.8.3 products missing initialization of resource
Notes
Summary: On mGuard devices with an integrated switch on the LAN side, individual switch ports can be disabled in the device configuration. After a reboot, these ports become functional regardless of their configuration setting: Missing Initialization of Resource (CWE-909).
Impact: After a reboot, affected mGuard devices may unexpectedly receive or send data on disabled switch ports. This includes the unexpected provision of administrative interfaces. Attackers may try to access confidential data or compromise the availability of mGuard services by flooding or resource exhaustion.
Mitigation: Instead of deactivating by configuration, network cables should be detached from affected switch ports.
Remediation: Mitigation: Instead of deactivating by configuration, network cables should be detached from affected switch ports. Solution: PHOENIX CONTACT recommends that all mGuard users upgrade to firmware version 8.8.3.

On Phoenix Contact mGuard devices with firmware versions before 8.8.3, LAN ports become functional after a reboot even if they are disabled in the device configuration. On mGuard devices with an integrated switch on the LAN side, individual switch ports can be disabled in the device configuration. After a reboot, these ports become functional regardless of their configuration setting: Missing Initialization of Resource.

CWE-909 - Missing Initialization of Resource
Vendor Fix: Mitigation: Instead of deactivating by configuration, network cables should be detached from affected switch ports. Solution: PHOENIX CONTACT recommends that all mGuard users upgrade to firmware version 8.8.3.
Mitigation: Instead of deactivating by configuration, network cables should be detached from affected switch ports.
Acknowledgments
CERT@VDE (coordination): certvde.com
SMST Designers & Constructors B.V (reporting): www.smstequipment.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          " SMST Designers \u0026 Constructors B.V"
        ],
        "organization": "SMST Designers \u0026 Constructors B.V",
        "summary": "reporting",
        "urls": [
          "https://www.smstequipment.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource (CWE-909).",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "After a reboot, affected mGuard devices may unexpectedly receive or send data on disabled switch ports. This includes the unexpected provision of administrative interfaces. Attackers may try to access confidential data or compromise the availability of mGuard services by flooding or resource exhaustion.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Instead of deactivating by configuration, network cables should be detached from affected switch\nports.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Mitigation Instead of deactivating by configuration, network cables should be detached from affected switchports. Solution PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@phoenixcontact.com",
      "name": "Phoenix Contact GmbH \u0026 Co. KG",
      "namespace": "https://phoenixcontact.com/psirt"
    },
    "references": [
      {
        "category": "external",
        "summary": "Phoenix Contact PSIRT ",
        "url": "https://www.phoenixcontact.com/de-de/service-und-support/psirt"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/phoenixcontact"
      },
      {
        "category": "self",
        "summary": "VDE-2020-046: PHOENIX CONTACT: mGuard \u003c8.8.3 products missing initialization of resource - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2020-046/"
      },
      {
        "category": "self",
        "summary": "VDE-2020-046: PHOENIX CONTACT: mGuard \u003c8.8.3 products missing initialization of resource - CSAF",
        "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2020/vde-2020-046.json"
      }
    ],
    "title": "PHOENIX CONTACT: mGuard \u003c8.8.3 products missing initialization of resource",
    "tracking": {
      "aliases": [
        "VDE-2020-046"
      ],
      "current_release_date": "2025-05-14T12:28:19.000Z",
      "generator": {
        "date": "2020-12-17T09:01:00.000Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.11"
        }
      },
      "id": "VDE-2020-046",
      "initial_release_date": "2020-12-17T09:01:00.000Z",
      "revision_history": [
        {
          "date": "2020-12-17T09:01:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "2",
          "summary": "Fix: removed ia, added distribution"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.8.3",
                "product": {
                  "name": "\u003c8.8.3",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "8.8.3",
                "product": {
                  "name": "8.8.3",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "FL MGUARD RS4004 TX/DTX",
                "product": {
                  "name": "FL MGUARD RS4004 TX/DTX",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701876"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FL MGUARD RS4004 TX/DTX VPN",
                "product": {
                  "name": "FL MGUARD RS4004 TX/DTX VPN",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2701877"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "mGuard rs4000 4TX/3G/TX VPN",
                "product": {
                  "name": "mGuard rs4000 4TX/3G/TX VPN",
                  "product_id": "CSAFPID-11003"
                }
              },
              {
                "category": "product_name",
                "name": "mGuard rs4000 4TX/TX",
                "product": {
                  "name": "mGuard rs4000 4TX/TX",
                  "product_id": "CSAFPID-11004"
                }
              },
              {
                "category": "product_name",
                "name": "mGuard rs4000 4TX/TX VPN",
                "product": {
                  "name": "mGuard rs4000 4TX/TX VPN",
                  "product_id": "CSAFPID-11005"
                }
              },
              {
                "category": "product_name",
                "name": "TC MGUARD RS4000 3G VPN",
                "product": {
                  "name": "TC MGUARD RS4000 3G VPN",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2903440"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "TC MGUARD RS4000 4G ATT VPN",
                "product": {
                  "name": "TC MGUARD RS4000 4G ATT VPN",
                  "product_id": "CSAFPID-11007",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1010463"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "TC MGUARD RS4000 4G VPN",
                "product": {
                  "name": "TC MGUARD RS4000 4G VPN",
                  "product_id": "CSAFPID-11008",
                  "product_identification_helper": {
                    "model_numbers": [
                      "2903586"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "TC MGUARD RS4000 4G VZW VPN",
                "product": {
                  "name": "TC MGUARD RS4000 4G VZW VPN",
                  "product_id": "CSAFPID-11009",
                  "product_identification_helper": {
                    "model_numbers": [
                      "1010461"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          }
        ],
        "category": "vendor",
        "name": "Phoenix Contact"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on FL MGUARD RS4004 TX/DTX",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on FL MGUARD RS4004 TX/DTX VPN",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on mGuard rs4000 4TX/3G/TX VPN",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on mGuard rs4000 4TX/TX",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on mGuard rs4000 4TX/TX VPN",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on TC MGUARD RS4000 3G VPN",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on TC MGUARD RS4000 4G ATT VPN",
          "product_id": "CSAFPID-31007"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on TC MGUARD RS4000 4G VPN",
          "product_id": "CSAFPID-31008"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c8.8.3 installed on TC MGUARD RS4000 4G VZW VPN",
          "product_id": "CSAFPID-31009"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on FL MGUARD RS4004 TX/DTX",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on FL MGUARD RS4004 TX/DTX VPN",
          "product_id": "CSAFPID-32002"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on mGuard rs4000 4TX/3G/TX VPN",
          "product_id": "CSAFPID-32003"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on mGuard rs4000 4TX/TX",
          "product_id": "CSAFPID-32004"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on mGuard rs4000 4TX/TX VPN",
          "product_id": "CSAFPID-32005"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on TC MGUARD RS4000 3G VPN",
          "product_id": "CSAFPID-32006"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on TC MGUARD RS4000 4G ATT VPN",
          "product_id": "CSAFPID-32007"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on TC MGUARD RS4000 4G VPN",
          "product_id": "CSAFPID-32008"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.8.3 installed on TC MGUARD RS4000 4G VZW VPN",
          "product_id": "CSAFPID-32009"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11009"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-12523",
      "cwe": {
        "id": "CWE-909",
        "name": "Missing Initialization of Resource"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004",
          "CSAFPID-32005",
          "CSAFPID-32006",
          "CSAFPID-32007",
          "CSAFPID-32008",
          "CSAFPID-32009"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Mitigation Instead of deactivating by configuration, network cables should be detached from affected switchports. Solution PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "mitigation",
          "details": "Instead of deactivating by configuration, network cables should be detached from affected switch\nports.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009"
          ]
        }
      ],
      "title": "CVE-2020-12523"
    }
  ]
}

