high
7.8
CWE
20 354
Advisory Published
Updated

CVE-2018-5441: Input Validation

First published: Tue Jan 30 2018(Updated: )

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Phoenixcontact Mguard Centerport Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Centerport
Phoenixcontact Mguard Delta Tx\/tx Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Delta Tx\/tx
Phoenixcontact Mguard Delta Tx\/tx Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Delta Tx\/tx Vpn
Phoenixcontact Mguard Gt\/gt Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Gt\/gt
Phoenixcontact Mguard Gt\/gt Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Gt\/gt Vpn
Phoenixcontact Mguard Pci4000 Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Pci4000 Vpn
Phoenixcontact Mguard Pcie4000 Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Pcie4000 Vpn
Phoenixcontact Mguard Rs2000 Tx\/tx Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs2000 Tx\/tx Vpn
Phoenixcontact Mguard Rs2000 Tx\/tx-b Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs2000 Tx\/tx-b
Phoenixcontact Mguard Rs2005 Tx Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs2005 Tx Vpn
Phoenixcontact Mguard Rs4000 Tx\/tx Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs4000 Tx\/tx
Phoenixcontact Mguard Rs4000 Tx\/tx Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs4000 Tx\/tx Vpn
Phoenixcontact Mguard Rs4000 Tx\/tx Vpn-m Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs4000 Tx\/tx Vpn-m
Phoenixcontact Mguard Rs4000 Tx\/tx-p Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs4000 Tx\/tx-p
Phoenixcontact Mguard Rs4004 Tx\/dtx Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs4004 Tx\/dtx
Phoenixcontact Mguard Rs4004 Tx\/dtx Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs4004 Tx\/dtx Vpn
Phoenixcontact Mguard Smart2 Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Smart2
Phoenixcontact Mguard Smart2 Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Smart2 Vpn
Phoenixcontact Mguard Rs2000 3g Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs2000 3g Vpn
Phoenixcontact Mguard Rs4000 3g Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs4000 3g Vpn
Phoenixcontact Mguard Core Tx Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Core Tx Vpn
Phoenixcontact Mguard Rs2000 4g Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs2000 4g Vpn
Phoenixcontact Mguard Rs4000 4g Vpn Firmware>=7.2.0<=8.6.0
Phoenixcontact Mguard Rs4000 4g Vpn

Remedy

https://cert.vde.com/en-us/advisories/vde-2018-001

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203