Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-5441

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.

Published

2018-01-30T20:29:00.457

Last Modified

2024-11-21T04:08:48.653

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-354
  • Type: Primary
    CWE-20
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System phoenixcontact mguard_centerport_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_centerport - No
Operating System phoenixcontact mguard_delta_tx\/tx_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_delta_tx\/tx - No
Operating System phoenixcontact mguard_delta_tx\/tx_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_delta_tx\/tx_vpn - No
Operating System phoenixcontact mguard_gt\/gt_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_gt\/gt - No
Operating System phoenixcontact mguard_gt\/gt_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_gt\/gt_vpn - No
Operating System phoenixcontact mguard_pci4000_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_pci4000_vpn - No
Operating System phoenixcontact mguard_pcie4000_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_pcie4000_vpn - No
Operating System phoenixcontact mguard_rs2000_tx\/tx_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs2000_tx\/tx_vpn - No
Operating System phoenixcontact mguard_rs2000_tx\/tx-b_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs2000_tx\/tx-b - No
Operating System phoenixcontact mguard_rs2005_tx_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs2005_tx_vpn - No
Operating System phoenixcontact mguard_rs4000_tx\/tx_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs4000_tx\/tx - No
Operating System phoenixcontact mguard_rs4000_tx\/tx_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs4000_tx\/tx_vpn - No
Operating System phoenixcontact mguard_rs4000_tx\/tx_vpn-m_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs4000_tx\/tx_vpn-m - No
Operating System phoenixcontact mguard_rs4000_tx\/tx-p_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs4000_tx\/tx-p - No
Operating System phoenixcontact mguard_rs4004_tx\/dtx_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs4004_tx\/dtx - No
Operating System phoenixcontact mguard_rs4004_tx\/dtx_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs4004_tx\/dtx_vpn - No
Operating System phoenixcontact mguard_smart2_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_smart2 - No
Operating System phoenixcontact mguard_smart2_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_smart2_vpn - No
Operating System phoenixcontact mguard_rs2000_3g_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs2000_3g_vpn - No
Operating System phoenixcontact mguard_rs4000_3g_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs4000_3g_vpn - No
Operating System phoenixcontact mguard_core_tx_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_core_tx_vpn - No
Operating System phoenixcontact mguard_rs2000_4g_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs2000_4g_vpn - No
Operating System phoenixcontact mguard_rs4000_4g_vpn_firmware ≤ 8.6.0 Yes
Hardware phoenixcontact mguard_rs4000_4g_vpn - No
References