SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-151403280] Phoenix Contact GmbH mGuard

Date: 2017-05-11
Type: Other
Platform: Phoenix Contact
Author: Phoenix Contact GmbH self-reported these vulnerabilities.
EDB-ID: N/A
CVE-ID: CVE-2017-7935, CVE-2017-7937
OSVDB-ID: N/A
Download / App / SIS Signature: N/A

Source

#
# Phoenix Contact GmbH mGuard
#


### VULNERABLE VENDOR
Phoenix Contact


### VULNERABLE PRODUCT
mGuard



### RESEARCHER
Phoenix Contact GmbH self-reported these vulnerabilities.



### AFFECTED PRODUCTS

The following versions of mGuard, a network device, are affected:

mGuard firmware versions 8.3.0 to 8.4.2



### IMPACT

Successful exploitation of these vulnerabilities could allow an attacker to disrupt the availability of the device and gain unauthorized access to the device.



### VULNERABILITY OVERVIEW

RESOURCE EXHAUSTION CWE-400
An attacker may compromise the device's availability by performing multiple initial VPN requests.
CVE-2017-7935 has been assigned to this vulnerability.
A CVSS v3 base score of 8.6 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)


IMPROPER AUTHENTICATION CWE-287
An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.
CVE-2017-7937 has been assigned to this vulnerability.
A CVSS v3 base score of 4.0 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)





### BACKGROUND

Critical Infrastructure Sector: Critical Manufacturing
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

Phoenix Contact GmbH recommends that users upgrade to firmware Version 8.5.0, or higher, to mitigate the vulnerabilities.