ID

VAR-201705-3746


CVE

CVE-2017-7935


TITLE

Phoenix Contact mGuard Denial of service vulnerability

Trust: 0.8

sources: IVD: fb08d782-bab9-490f-be5a-5b968518646e // CNVD: CNVD-2017-09580

DESCRIPTION

A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests. Phoenix Contact mGuard is a Phoenix Contact security device for protecting systems and installations against unauthorized access. It is affected by a denial-of-service vulnerability that an attacker could exploit to cause a denial of service. Attackers can exploit these issues to perform unauthorized actions or cause denial-of-service conditions. mGuard firmware versions 8.3.0 through 8.4.2 are vulnerable. Phoenix Contact GmbH mGuard is a set of device security management software for industrial Ethernet from the Phoenix Contact Group in Germany.

Trust: 2.7

sources: NVD: CVE-2017-7935 // JVNDB: JVNDB-2017-004201 // CNVD: CNVD-2017-09580 // BID: 98416 // IVD: fb08d782-bab9-490f-be5a-5b968518646e // VULHUB: VHN-116138

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: fb08d782-bab9-490f-be5a-5b968518646e // CNVD: CNVD-2017-09580

AFFECTED PRODUCTS

vendor: phoenix contact // model: mguard // scope: eq // version: 8.3.1

Trust: 1.6

vendor: phoenix contact // model: mguard // scope: eq // version: 8.4.2

Trust: 1.6

vendor: phoenix contact // model: mguard // scope: eq // version: 8.3.0

Trust: 1.6

vendor: phoenix contact // model: mguard // scope: eq // version: 8.3.2

Trust: 1.6

vendor: phoenix contact // model: mguard // scope: eq // version: 8.4.1

Trust: 1.6

vendor: phoenix contact // model: mguard // scope: eq // version: 8.4.0

Trust: 1.6

vendor: phoenix contact // model: mguard // scope: eq // version: firmware 8.3.0 to 8.4.2

Trust: 0.8

vendor: phoenix contact // model: mguard // scope: gte // version: 8.3.0,<=8.4.2

Trust: 0.6

vendor: phoenix // model: contact mguard // scope: eq // version: 8.4.2

Trust: 0.3

vendor: phoenix // model: contact mguard // scope: eq // version: 8.4.1

Trust: 0.3

vendor: phoenix // model: contact mguard // scope: eq // version: 8.4.0

Trust: 0.3

vendor: phoenix // model: contact mguard // scope: eq // version: 8.3.0

Trust: 0.3

vendor: phoenix // model: contact mguard // scope: ne // version: 8.5.0

Trust: 0.3

vendor: mguard // model: - // scope: eq // version: 8.3.0

Trust: 0.2

vendor: mguard // model: - // scope: eq // version: 8.3.1

Trust: 0.2

vendor: mguard // model: - // scope: eq // version: 8.3.2

Trust: 0.2

vendor: mguard // model: - // scope: eq // version: 8.4.0

Trust: 0.2

vendor: mguard // model: - // scope: eq // version: 8.4.1

Trust: 0.2

vendor: mguard // model: - // scope: eq // version: 8.4.2

Trust: 0.2

sources: IVD: fb08d782-bab9-490f-be5a-5b968518646e // CNVD: CNVD-2017-09580 // BID: 98416 // JVNDB: JVNDB-2017-004201 // CNNVD: CNNVD-201704-925 // NVD: CVE-2017-7935

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7935
value: HIGH

Trust: 1.0

NVD: CVE-2017-7935
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-09580
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-925
value: HIGH

Trust: 0.6

IVD: fb08d782-bab9-490f-be5a-5b968518646e
value: HIGH

Trust: 0.2

VULHUB: VHN-116138
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7935
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-09580
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: fb08d782-bab9-490f-be5a-5b968518646e
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-116138
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7935
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: fb08d782-bab9-490f-be5a-5b968518646e // CNVD: CNVD-2017-09580 // VULHUB: VHN-116138 // JVNDB: JVNDB-2017-004201 // CNNVD: CNNVD-201704-925 // NVD: CVE-2017-7935

PROBLEMTYPE DATA

problemtype: CWE-400

Trust: 1.9

sources: VULHUB: VHN-116138 // JVNDB: JVNDB-2017-004201 // NVD: CVE-2017-7935

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-925

TYPE

Resource management error

Trust: 0.8

sources: IVD: fb08d782-bab9-490f-be5a-5b968518646e // CNNVD: CNNVD-201704-925

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004201

PATCH

title: Top Page // url: https://www.phoenixcontact.com/online/portal/pc

Trust: 0.8

title: Patch for Phoenix Contact mGuard Denial of Service Vulnerability // url: https://www.cnvd.org.cn/patchInfo/show/95390

Trust: 0.6

title: Phoenix Contact GmbH mGuard Remediation of resource management error vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100392

Trust: 0.6

sources: CNVD: CNVD-2017-09580 // JVNDB: JVNDB-2017-004201 // CNNVD: CNNVD-201704-925

EXTERNAL IDS

db: NVD // id: CVE-2017-7935

Trust: 3.6

db: ICS CERT // id: ICSA-17-131-01

Trust: 2.8

db: CNNVD // id: CNNVD-201704-925

Trust: 0.9

db: BID // id: 98416

Trust: 0.9

db: CNVD // id: CNVD-2017-09580

Trust: 0.8

db: JVNDB // id: JVNDB-2017-004201

Trust: 0.8

db: IVD // id: FB08D782-BAB9-490F-BE5A-5B968518646E

Trust: 0.2

db: VULHUB // id: VHN-116138

Trust: 0.1

Trust: 0.1

sources: IVD: fb08d782-bab9-490f-be5a-5b968518646e // CNVD: CNVD-2017-09580 // VULHUB: VHN-116138 // BID: 98416 // JVNDB: JVNDB-2017-004201 // CNNVD: CNNVD-201704-925 // NVD: CVE-2017-7935

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-131-01

Trust: 2.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7935

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7935

Trust: 0.8

url:http://www.securityfocus.com/bid/98416

Trust: 0.6

url:https://www.phoenixcontact.com/online/portal/pc

Trust: 0.3

sources: CNVD: CNVD-2017-09580 // VULHUB: VHN-116138 // BID: 98416 // JVNDB: JVNDB-2017-004201 // CNNVD: CNNVD-201704-925 // NVD: CVE-2017-7935

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98416

SOURCES

db: IVD // id: fb08d782-bab9-490f-be5a-5b968518646e
db: CNVD // id: CNVD-2017-09580
db: VULHUB // id: VHN-116138
db: BID // id: 98416
db: JVNDB // id: JVNDB-2017-004201
db: CNNVD // id: CNNVD-201704-925
db: NVD // id: CVE-2017-7935

LAST UPDATE DATE

2025-04-20T23:05:03.961000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-09580 // date: 2017-06-15T00:00:00
db: VULHUB // id: VHN-116138 // date: 2019-10-09T00:00:00
db: BID // id: 98416 // date: 2017-05-11T00:00:00
db: JVNDB // id: JVNDB-2017-004201 // date: 2017-06-20T00:00:00
db: CNNVD // id: CNNVD-201704-925 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-7935 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD // id: fb08d782-bab9-490f-be5a-5b968518646e // date: 2017-06-15T00:00:00
db: CNVD // id: CNVD-2017-09580 // date: 2017-06-16T00:00:00
db: VULHUB // id: VHN-116138 // date: 2017-05-19T00:00:00
db: BID // id: 98416 // date: 2017-05-11T00:00:00
db: JVNDB // id: JVNDB-2017-004201 // date: 2017-06-20T00:00:00
db: CNNVD // id: CNNVD-201704-925 // date: 2017-04-20T00:00:00
db: NVD // id: CVE-2017-7935 // date: 2017-05-19T03:29:00.637