First published: Thu Dec 17 2020(Updated: )
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource
Credit: info@cert.vde.com
Affected Software | Affected Version | How to fix |
---|---|---|
Phoenixcontact Tc Mguard Rs4000 4g Vzw Vpn Firmware | <8.8.3 | |
Phoenixcontact Tc Mguard Rs4000 4g Vzw Vpn | ||
Phoenixcontact Tc Mguard Rs4000 4g Att Vpn Firmware | <8.8.3 | |
Phoenixcontact Tc Mguard Rs4000 4g Att Vpn | ||
Phoenixcontact Fl Mguard Rs4004 Tx\/dtx Firmware | <8.8.3 | |
Phoenixcontact Fl Mguard Rs4004 Tx\/dtx | ||
Phoenixcontact Fl Mguard Rs4004 Tx\/dtx Vpn Firmware | <8.8.3 | |
Phoenixcontact Fl Mguard Rs4004 Tx\/dtx Vpn | ||
Phoenixcontact Tc Mguard Rs4000 3g Vpn Firmware | ||
Phoenixcontact Tc Mguard Rs4000 3g Vpn | ||
Phoenixcontact Tc Mguard Rs4000 4g Vpn Firmware | <8.8.3 | |
Phoenixcontact Tc Mguard Rs4000 4g Vpn | ||
Phoenixcontact Innominate Mguard Rs4000 4tx\/tx Firmware | <8.8.3 | |
Phoenixcontact Innominate Mguard Rs4000 4tx\/tx | ||
Phoenixcontact Innominate Mguard Rs4000 4tx\/tx Vpn Firmware | <8.8.3 | |
Phoenixcontact Innominate Mguard Rs4000 4tx\/tx Vpn | ||
Phoenixcontact Innominate Mguard Rs4000 4tx\/3g\/tx Vpn Firmware | <8.8.3 | |
Phoenixcontact Innominate Mguard Rs4000 4tx\/3g\/tx Vpn |
PHOENIX CONTACT recommends all mGuard users to upgrade to the firmware version 8.8.3.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-12523 is a vulnerability found in Phoenix Contact mGuard Devices versions before 8.8.3 that allows LAN ports to become functional after a reboot, even if they were disabled in the device configuration.
CVE-2020-12523 has a severity rating of 9.1 (Critical).
To fix CVE-2020-12523, it is recommended to update the mGuard Devices to version 8.8.3 or higher.
You can find more information about CVE-2020-12523 on the CERT VDE advisory page: https://cert.vde.com/en-us/advisories/vde-2020-046
The Common Weakness Enumeration (CWE) for CVE-2020-12523 is CWE-909.