CVE-2018-5441

HIGH

PHOENIX CONTACT mGuard <8.6.0 - Info Disclosure

Title source: llm

Description

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102907

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01

[Patch, Third Party Advisory] https://cert.vde.com/en-us/advisories/vde-2018-001

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 10.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20 CWE-354

Status published

Products (23)

phoenixcontact/mguard_centerport_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_core_tx_vpn_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_delta_tx\/tx_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_delta_tx\/tx_vpn_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_gt\/gt_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_gt\/gt_vpn_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_pci4000_vpn_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_pcie4000_vpn_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_rs2000_3g_vpn_firmware 7.2.0 - 8.6.0

phoenixcontact/mguard_rs2000_4g_vpn_firmware 7.2.0 - 8.6.0

... and 13 more

Published Jan 30, 2018

Tracked Since Feb 18, 2026