Sign-up

ID

VAR-201801-1492


CVE

CVE-2018-5441


TITLE

PHOENIX CONTACT mGuard Vulnerability related to input validation in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-001896

DESCRIPTION

An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages. PHOENIX CONTACT mGuard The firmware contains a vulnerability related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \302\240Phoenix Contact mGuard is a security device for unauthorized access and installation of Phoenix Contact's protection system. PHOENIX CONTACT mGuard has unauthorized modification of the vulnerability. Successful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible

Trust: 2.61

sources: NVD: CVE-2018-5441 // JVNDB: JVNDB-2018-001896 // CNVD: CNVD-2018-02344 // BID: 102907 // IVD: e2e32a81-39ab-11e9-aa47-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2e32a81-39ab-11e9-aa47-000c29342cb1 // CNVD: CNVD-2018-02344

AFFECTED PRODUCTS

vendor:phoenixcontactmodel:mguard rs4000 tx\/txscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2000 4g vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard smart2 vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4004 tx\/dtx vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 tx\/tx vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard pci4000 vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2000 3g vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard pcie4000 vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2000 tx\/tx vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard delta tx\/tx vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard delta tx\/txscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard centerportscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2000 tx\/tx-bscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2005 tx vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard gt\/gt vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 tx\/tx vpn-mscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 3g vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 tx\/tx-pscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 4g vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 tx\/txscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2000 4g vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2000 3g vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard core tx vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard smart2scope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard smart2 vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4004 tx\/dtxscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard smart2scope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2005 tx vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard gt\/gtscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard delta tx\/txscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard centerportscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard pci4000 vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 tx\/tx vpn-mscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4004 tx\/dtxscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 tx\/tx-pscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard core tx vpnscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2000 tx\/tx vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4004 tx\/dtx vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 tx\/tx vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard pcie4000 vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard gt\/gtscope:gteversion:7.2.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard delta tx\/tx vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs2000 tx\/tx-bscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 4g vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard rs4000 3g vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenixcontactmodel:mguard gt\/gt vpnscope:lteversion:8.6.0

Trust: 1.0

vendor:phoenix contactmodel:mguard centerportscope: - version: -

Trust: 0.8

vendor:phoenix contactmodel:mguard core tx vpnscope: - version: -

Trust: 0.8

vendor:phoenix contactmodel:mguard delta tx/txscope: - version: -

Trust: 0.8

vendor:phoenix contactmodel:mguard gt/gtscope: - version: -

Trust: 0.8

vendor:phoenix contactmodel:mguard pci4000 vpnscope: - version: -

Trust: 0.8

vendor:phoenix contactmodel:mguard rs2000 tx/tx vpnscope: - version: -

Trust: 0.8

vendor:phoenix contactmodel:mguard smart2scope: - version: -

Trust: 0.8

vendor:phoenixmodel:contact mguardscope:gteversion:7.2<=8.6.0

Trust: 0.6

vendor:phoenixmodel:contact mguardscope:eqversion:8.6

Trust: 0.3

vendor:phoenixmodel:contact mguardscope:eqversion:8.5.0

Trust: 0.3

vendor:phoenixmodel:contact mguardscope:eqversion:8.4.2

Trust: 0.3

vendor:phoenixmodel:contact mguardscope:eqversion:8.4.1

Trust: 0.3

vendor:phoenixmodel:contact mguardscope:eqversion:8.4.0

Trust: 0.3

vendor:phoenixmodel:contact mguardscope:eqversion:8.3.0

Trust: 0.3

vendor:phoenixmodel:contact mguardscope:eqversion:7.2

Trust: 0.3

vendor:phoenixmodel:contact mguardscope:neversion:8.6.1

Trust: 0.3

vendor:mguard centerportmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs2005 tx vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs4000 tx txmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs4000 tx tx vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs4000 tx tx vpn mmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs4000 tx tx pmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs4004 tx dtxmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs4004 tx dtx vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard smart2model: - scope:eqversion:*

Trust: 0.2

vendor:mguard smart2 vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs2000 3g vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard delta tx txmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs4000 3g vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard core tx vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs2000 4g vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs4000 4g vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard delta tx tx vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard gt gtmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard gt gt vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard pci4000 vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard pcie4000 vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs2000 tx tx vpnmodel: - scope:eqversion:*

Trust: 0.2

vendor:mguard rs2000 tx tx bmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2e32a81-39ab-11e9-aa47-000c29342cb1 // CNVD: CNVD-2018-02344 // BID: 102907 // JVNDB: JVNDB-2018-001896 // NVD: CVE-2018-5441

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5441
value: HIGH

Trust: 1.0

NVD: CVE-2018-5441
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-02344
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-1078
value: HIGH

Trust: 0.6

IVD: e2e32a81-39ab-11e9-aa47-000c29342cb1
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-5441
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02344
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e32a81-39ab-11e9-aa47-000c29342cb1
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-5441
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2e32a81-39ab-11e9-aa47-000c29342cb1 // CNVD: CNVD-2018-02344 // JVNDB: JVNDB-2018-001896 // CNNVD: CNNVD-201801-1078 // NVD: CVE-2018-5441

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

problemtype:CWE-354

Trust: 1.0

sources: JVNDB: JVNDB-2018-001896 // NVD: CVE-2018-5441

THREAT TYPE

local

Trust: 0.9

sources: BID: 102907 // CNNVD: CNNVD-201801-1078

TYPE

Input validation error

Trust: 0.8

sources: IVD: e2e32a81-39ab-11e9-aa47-000c29342cb1 // CNNVD: CNNVD-201801-1078

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001896

PATCH
title:Top Pageurl:https://www.phoenixcontact.com/online/portal/pc
Trust: 0.8
title:PHOENIX CONTACT mGuard is not authorized to modify the patch for the vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/115091
Trust: 0.6
title:PHOENIX CONTACT mGuard Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78155
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-02344 // 
            
            
            
            JVNDB: JVNDB-2018-001896 // 
            
            
            
            CNNVD: CNNVD-201801-1078

EXTERNAL IDS
db:NVDid:CVE-2018-5441
Trust: 3.5
db:ICS CERTid:ICSA-18-030-01
Trust: 3.3
db:BIDid:102907
Trust: 1.9
db:CERT@VDEid:VDE-2018-001
Trust: 1.6
db:CNVDid:CNVD-2018-02344
Trust: 0.8
db:CNNVDid:CNNVD-201801-1078
Trust: 0.8
db:JVNDBid:JVNDB-2018-001896
Trust: 0.8
db:IVDid:E2E32A81-39AB-11E9-AA47-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2e32a81-39ab-11e9-aa47-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-02344 // 
            
            
            
            BID: 102907 // 
            
            
            
            JVNDB: JVNDB-2018-001896 // 
            
            
            
            CNNVD: CNNVD-201801-1078 // 
            
            
            
            NVD: CVE-2018-5441

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-18-030-01
Trust: 3.3
url:http://www.securityfocus.com/bid/102907
Trust: 2.2
url:https://cert.vde.com/en-us/advisories/vde-2018-001
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5441
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5441
Trust: 0.8
url:https://www.phoenixcontact.com/online/portal/pc
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-02344 // 
            
            
            
            BID: 102907 // 
            
            
            
            JVNDB: JVNDB-2018-001896 // 
            
            
            
            CNNVD: CNNVD-201801-1078 // 
            
            
            
            NVD: CVE-2018-5441

CREDITS
PHOENIX CONTACT
Trust: 0.3
sources:
            
            
            BID: 102907

SOURCES
db:IVDid:e2e32a81-39ab-11e9-aa47-000c29342cb1
db:CNVDid:CNVD-2018-02344
db:BIDid:102907
db:JVNDBid:JVNDB-2018-001896
db:CNNVDid:CNNVD-201801-1078
db:NVDid:CVE-2018-5441

LAST UPDATE DATE
2024-11-23T22:45:27.240000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-02344date:2018-01-31T00:00:00
db:BIDid:102907date:2018-01-30T00:00:00
db:JVNDBid:JVNDB-2018-001896date:2018-03-15T00:00:00
db:CNNVDid:CNNVD-201801-1078date:2019-10-17T00:00:00
db:NVDid:CVE-2018-5441date:2024-11-21T04:08:48.653

SOURCES RELEASE DATE
db:IVDid:e2e32a81-39ab-11e9-aa47-000c29342cb1date:2018-01-31T00:00:00
db:CNVDid:CNVD-2018-02344date:2018-01-31T00:00:00
db:BIDid:102907date:2018-01-30T00:00:00
db:JVNDBid:JVNDB-2018-001896date:2018-03-15T00:00:00
db:CNNVDid:CNNVD-201801-1078date:2018-01-31T00:00:00
db:NVDid:CVE-2018-5441date:2018-01-30T20:29:00.457