VDE-2025-077
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2025-09-09 10:00 - Updated: 2025-09-09 10:00Summary
Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices
Severity
Medium
Notes
Summary: The jq JSON processor, which is used to migrate firmware configurations in the product, contains 2 vulnerabilities that can be exploited by an authenticated attacker.
Impact: An authenticated attacker can cause a denial of service.
Remediation: Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.
General Recommendation: For general information and recommendations on security measures refer to the mGuard documentation: https://help.mguard.com/en/documentation
Product Description: mGuards are industrial routers and security appliances.
jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.
6.5 (Medium)
Vendor Fix
Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.
jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.
7.5 (High)
Vendor Fix
Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://phoenixcontact.com/psirt",
"text": "MEDIUM"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "The jq JSON processor, which is used to migrate firmware configurations in the product, contains 2 vulnerabilities that can be exploited by an authenticated attacker.",
"title": "Summary"
},
{
"category": "description",
"text": "An authenticated attacker can cause a denial of service.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.",
"title": "Remediation"
},
{
"category": "general",
"text": "For general information and recommendations on security measures refer to the mGuard documentation: https://help.mguard.com/en/documentation",
"title": "General Recommendation"
},
{
"category": "description",
"text": "mGuards are industrial routers and security appliances.",
"title": "Product Description"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2025/00016",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2025-077: Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices - HTML",
"url": "https://certvde.com/en/advisories/VDE-2025-077"
},
{
"category": "self",
"summary": "VDE-2025-077: Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-077.json"
}
],
"source_lang": "en",
"title": "Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices",
"tracking": {
"aliases": [
"VDE-2025-077",
"PCSA-2025/00016"
],
"current_release_date": "2025-09-09T10:00:00.000Z",
"generator": {
"date": "2025-08-28T09:27:08.346Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.32"
}
},
"id": "VDE-2025-077",
"initial_release_date": "2025-09-09T10:00:00.000Z",
"revision_history": [
{
"date": "2025-08-04T10:00:00.000Z",
"number": "1",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "FL MGUARD 1102",
"product": {
"name": "FL MGUARD 1102",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1153079"
]
}
}
},
{
"category": "product_name",
"name": "FL MGUARD 1105",
"product": {
"name": "FL MGUARD 1105",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"1153078"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.8.1",
"product": {
"name": "Firmware \u003c1.8.1",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "1.8.1",
"product": {
"name": "Firmware 1.8.1",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002"
],
"summary": "Affected products"
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"summary": "Fixed products"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.8.1 installed on FL MGUARD 1102",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c1.8.1 installed on FL MGUARD 1105",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.8.1 installed on FL MGUARD 1102",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 1.8.1 installed on FL MGUARD 1105",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23337",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.",
"title": "Vulnerability Description"
},
{
"audience": "operational management and system administrators",
"category": "details",
"text": "An authenticated attacker can cause a denial of service (memory exhaustion) by sending malformed data to the device in an HTTPS request. The impact is mitigated by the device enforcing a limit to the maximum HTTPS request size. To launch a successful attack, an attacker would have to circumvent this limit.",
"title": "Vulnerability Characterization"
},
{
"category": "details",
"text": "In FL MGUARD devices, the jq JSON processor is used to migrate firmware configurations. The vulnerability can only be exploited by an authenticated administrative user in FL MGUARD devices. This reduces the vulnerability\u0027s severity to: CVSS-Score: 4.9, CSSS-Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"title": "Vulnerability Details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-04T10:00:00.000Z",
"details": "Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2024-23337"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.",
"title": "Vulnerability Description"
},
{
"audience": "operational management and system administrators",
"category": "details",
"text": "An authenticated attacker can cause a denial of service (crash of HTTPS request processor) by sending malformed data to the device in an HTTPS request.",
"title": "Vulnerability Characterization"
},
{
"category": "details",
"text": "In FL MGUARD devices, the jq JSON processor is used to migrate firmware configurations. The vulnerability can only be exploited by an authenticated administrative user in FL MGUARD devices. This reduces the vulnerability\u0027s severity to: CVSS-Score: 4.9, CSSS-Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"title": "Vulnerability Details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-04T10:00:00.000Z",
"details": "Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002"
]
}
],
"title": "CVE-2025-48060"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…