Description
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102907
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01
Patch, Third Party Advisory x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2018-001
Scores
CVSS v3
7.8
EPSS
0.0029
EPSS Percentile
20.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
CWE-354
Status
published
Products (23)
phoenixcontact/mguard_centerport_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_core_tx_vpn_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_delta_tx\/tx_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_delta_tx\/tx_vpn_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_gt\/gt_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_gt\/gt_vpn_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_pci4000_vpn_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_pcie4000_vpn_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_rs2000_3g_vpn_firmware
7.2.0 - 8.6.0
phoenixcontact/mguard_rs2000_4g_vpn_firmware
7.2.0 - 8.6.0
... and 13 more
Published
Jan 30, 2018
Tracked Since
Feb 18, 2026