ID

VAR-201705-3747


CVE

CVE-2017-7937


TITLE

Phoenix Contact GmbH mGuard Firmware authentication vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-004202

DESCRIPTION

An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable. Phoenix Contact mGuard is a Phoenix Contact security device that protects against unauthorized access and installation. An attacker could exploit the vulnerability to perform an unauthorized operation or cause a denial of service. mGuard firmware versions 8.3.0 through 8.4.2 are vulnerable.

Trust: 2.7

sources: NVD: CVE-2017-7937 // JVNDB: JVNDB-2017-004202 // CNVD: CNVD-2017-09583 // BID: 98416 // IVD: f9fe676d-7613-4f3c-8ffa-ef72a94153dd // VULHUB: VHN-116140

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: f9fe676d-7613-4f3c-8ffa-ef72a94153dd // CNVD: CNVD-2017-09583

AFFECTED PRODUCTS

vendor: phoenix contact | model: mguard | scope: eq | version: 8.3.1

Trust: 1.6

vendor: phoenix contact | model: mguard | scope: eq | version: 8.4.2

Trust: 1.6

vendor: phoenix contact | model: mguard | scope: eq | version: 8.3.0

Trust: 1.6

vendor: phoenix contact | model: mguard | scope: eq | version: 8.3.2

Trust: 1.6

vendor: phoenix contact | model: mguard | scope: eq | version: 8.4.1

Trust: 1.6

vendor: phoenix contact | model: mguard | scope: eq | version: 8.4.0

Trust: 1.6

vendor: phoenix contact | model: mguard | scope: eq | version: firmware 8.3.0 to 8.4.2

Trust: 0.8

vendor: phoenix contact | model: mguard | scope: gte | version: 8.3.0,<=8.4.2

Trust: 0.6

vendor: phoenix | model: contact mguard | scope: eq | version: 8.4.2

Trust: 0.3

vendor: phoenix | model: contact mguard | scope: eq | version: 8.4.1

Trust: 0.3

vendor: phoenix | model: contact mguard | scope: eq | version: 8.4.0

Trust: 0.3

vendor: phoenix | model: contact mguard | scope: eq | version: 8.3.0

Trust: 0.3

vendor: phoenix | model: contact mguard | scope: ne | version: 8.5.0

Trust: 0.3

vendor: mguard | model: - | scope: eq | version: 8.3.0

Trust: 0.2

vendor: mguard | model: - | scope: eq | version: 8.3.1

Trust: 0.2

vendor: mguard | model: - | scope: eq | version: 8.3.2

Trust: 0.2

vendor: mguard | model: - | scope: eq | version: 8.4.0

Trust: 0.2

vendor: mguard | model: - | scope: eq | version: 8.4.1

Trust: 0.2

vendor: mguard | model: - | scope: eq | version: 8.4.2

Trust: 0.2

sources: IVD: f9fe676d-7613-4f3c-8ffa-ef72a94153dd // CNVD: CNVD-2017-09583 // BID: 98416 // JVNDB: JVNDB-2017-004202 // CNNVD: CNNVD-201704-923 // NVD: CVE-2017-7937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7937
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-7937
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-09583
value: LOW

Trust: 0.6

CNNVD: CNNVD-201704-923
value: MEDIUM

Trust: 0.6

IVD: f9fe676d-7613-4f3c-8ffa-ef72a94153dd
value: MEDIUM

Trust: 0.2

VULHUB: VHN-116140
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-7937
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-09583
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: f9fe676d-7613-4f3c-8ffa-ef72a94153dd
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-116140
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7937
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: IVD: f9fe676d-7613-4f3c-8ffa-ef72a94153dd // CNVD: CNVD-2017-09583 // VULHUB: VHN-116140 // JVNDB: JVNDB-2017-004202 // CNNVD: CNNVD-201704-923 // NVD: CVE-2017-7937

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-116140 // JVNDB: JVNDB-2017-004202 // NVD: CVE-2017-7937

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-923

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201704-923

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004202

PATCH

title: Top Page | url: https://www.phoenixcontact.com/online/portal/pc

Trust: 0.8

title: Patch for Phoenix Contact mGuard Security Bypass and Denial of Service Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/95389

Trust: 0.6

title: Phoenix Contact GmbH mGuard Remediation measures for authorization problem vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100391

Trust: 0.6

sources: CNVD: CNVD-2017-09583 // JVNDB: JVNDB-2017-004202 // CNNVD: CNNVD-201704-923

EXTERNAL IDS

db: NVD | id: CVE-2017-7937

Trust: 3.6

db: ICS CERT | id: ICSA-17-131-01

Trust: 2.8

db: CNNVD | id: CNNVD-201704-923

Trust: 0.9

db: BID | id: 98416

Trust: 0.9

db: CNVD | id: CNVD-2017-09583

Trust: 0.8

db: JVNDB | id: JVNDB-2017-004202

Trust: 0.8

db: IVD | id: F9FE676D-7613-4F3C-8FFA-EF72A94153DD

Trust: 0.2

db: VULHUB | id: VHN-116140

Trust: 0.1

sources: IVD: f9fe676d-7613-4f3c-8ffa-ef72a94153dd // CNVD: CNVD-2017-09583 // VULHUB: VHN-116140 // BID: 98416 // JVNDB: JVNDB-2017-004202 // CNNVD: CNNVD-201704-923 // NVD: CVE-2017-7937

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-17-131-01

Trust: 2.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-7937

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7937

Trust: 0.8

url:http://www.securityfocus.com/bid/98416

Trust: 0.6

url:https://www.phoenixcontact.com/online/portal/pc

Trust: 0.3

sources: CNVD: CNVD-2017-09583 // VULHUB: VHN-116140 // BID: 98416 // JVNDB: JVNDB-2017-004202 // CNNVD: CNNVD-201704-923 // NVD: CVE-2017-7937

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98416

SOURCES

db: IVD | id: f9fe676d-7613-4f3c-8ffa-ef72a94153dd
db: CNVD | id: CNVD-2017-09583
db: VULHUB | id: VHN-116140
db: BID | id: 98416
db: JVNDB | id: JVNDB-2017-004202
db: CNNVD | id: CNNVD-201704-923
db: NVD | id: CVE-2017-7937

LAST UPDATE DATE

2025-04-20T23:05:03.921000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2017-09583 | date: 2017-06-15T00:00:00
db: VULHUB | id: VHN-116140 | date: 2019-10-09T00:00:00
db: BID | id: 98416 | date: 2017-05-11T00:00:00
db: JVNDB | id: JVNDB-2017-004202 | date: 2017-06-20T00:00:00
db: CNNVD | id: CNNVD-201704-923 | date: 2019-10-17T00:00:00
db: NVD | id: CVE-2017-7937 | date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD | id: f9fe676d-7613-4f3c-8ffa-ef72a94153dd | date: 2017-06-15T00:00:00
db: CNVD | id: CNVD-2017-09583 | date: 2017-06-16T00:00:00
db: VULHUB | id: VHN-116140 | date: 2017-05-19T00:00:00
db: BID | id: 98416 | date: 2017-05-11T00:00:00
db: JVNDB | id: JVNDB-2017-004202 | date: 2017-06-20T00:00:00
db: CNNVD | id: CNNVD-201704-923 | date: 2017-04-20T00:00:00
db: NVD | id: CVE-2017-7937 | date: 2017-05-19T03:29:00.683