{"containers": {"cna": {"affected": [{"product": "PHOENIX CONTACT mGuard", "vendor": "n/a", "versions": [{"status": "affected", "version": "PHOENIX CONTACT mGuard"}]}], "datePublic": "2018-01-30T00:00:00", "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "description": "CWE-354", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-16T13:57:02", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "102907", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102907"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en-us/advisories/vde-2018-001"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2018-5441", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHOENIX CONTACT mGuard", "version": {"version_data": [{"version_value": "PHOENIX CONTACT mGuard"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-354"}]}]}, "references": {"reference_data": [{"name": "102907", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102907"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"}, {"name": "https://cert.vde.com/en-us/advisories/vde-2018-001", "refsource": "CONFIRM", "url": "https://cert.vde.com/en-us/advisories/vde-2018-001"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-5441", "datePublished": "2018-01-30T20:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2018-05-16T13:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_centerport_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6005AE8C-7CB3-41FA-9ECB-9C9037B48893", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_centerport:-:*:*:*:*:*:*:*", "matchCriteriaId": "324613AE-C9FA-47FA-8FB1-E76134C7CBED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_delta_tx\\/tx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8A6BEE0-43D0-4A12-9C3A-116984C4DEB4", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_delta_tx\\/tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "59B2643C-0EC5-4AD5-B535-C2222E7AE406", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_delta_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D71D1E8-F9B2-44C9-B15A-0C42C18F25A7", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_delta_tx\\/tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "8B6CE71E-5CDF-45F6-AD09-B03A750250C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_gt\\/gt_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0D32CBD-BF58-4CC6-A325-A7A3508D8656", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_gt\\/gt:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C1E4D97-BCEC-4F1D-8B40-B24B1ECA439E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_gt\\/gt_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "718DC9CE-3519-4733-801C-17A882185CAF", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_gt\\/gt_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "92A92F7A-EE80-4323-825C-27E9089CA633", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_pci4000_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "797F0C72-8189-4EC5-BBF0-07E266446AA7", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_pci4000_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "8220FE6A-E74D-4FFC-82BA-22F3016F146C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_pcie4000_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C60E7710-91B8-4B15-A16B-9F6668195F85", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_pcie4000_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5A3F679-0067-471F-B46B-CDB16089E93C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EE290F1-F7D4-46D1-AE4F-377BC5D212D9", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_tx\\/tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DDD6DBE-D9B1-415D-8284-1BE8D786ED24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_tx\\/tx-b_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3985BB8B-EB08-47EE-B34D-1FA86B4411F5", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_tx\\/tx-b:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F50ABE1-5FAB-426C-8F16-95A9E52FFBC8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2005_tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "60530BD0-E190-4C01-92BB-12F048C46758", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2005_tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "F31A6108-2E06-43F7-AB8A-4D1A76D8ADEF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C67B81A-CE29-43B4-994E-ED4AF3C14457", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDB26D7E-DE57-486E-965A-7B018B9ED58B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED72FD3-7A3B-4102-9B96-465EBEF93914", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "5193E597-3C65-49F6-BBE2-C164F89AB188", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx_vpn-m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F541618-C97E-4DA2-AB39-7AEE81D00574", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx_vpn-m:-:*:*:*:*:*:*:*", "matchCriteriaId": "4566E57B-1E44-425E-8D88-36C1201A9E5C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_tx\\/tx-p_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D226957-05AF-4DDA-8C8D-CC2E956196EF", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_tx\\/tx-p:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A3E45AC-5FD2-457E-A004-6C07CEDAD306", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4004_tx\\/dtx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "041DD89B-AF3A-4EE7-B3DC-0DA007262ECC", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4004_tx\\/dtx:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EFE74BB-0167-4484-AE87-F17A55829844", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4004_tx\\/dtx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "038962DC-3D92-44B7-A003-38B34E0ACB94", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4004_tx\\/dtx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "4473C338-9A25-4FD5-8736-4072D0FA265E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_smart2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9C65B2C-DCDF-4822-B2EC-0ACE339FB821", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_smart2:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B2EDFA2-FE87-4B6E-8380-AD6F66A3EA09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_smart2_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "065D3E69-85D2-4193-9F45-6AEF09B9AA99", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_smart2_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2799FB2-FA17-4C7F-91B7-F6A06055E657", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_3g_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8DA40CB1-6FDB-47C2-BA72-69B9C90B3797", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_3g_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "02D3A13E-0C0D-4073-AE22-5D96F43B3B81", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_3g_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "392CB8FC-CCBD-48D4-97D8-8B532864BBFF", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_3g_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DA558DA-2590-42B0-BFE8-BCC590B6E9AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_core_tx_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CE9BBFB-FA4D-4368-978A-974784B05884", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_core_tx_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F4B73EB-D000-4BD9-BEA2-AAC6A01600FE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs2000_4g_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F21C1837-5C64-43E6-AEDC-29B6D44C4EEA", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs2000_4g_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "E805FC49-F621-4552-B5F7-BEF2C9CE4CEC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:phoenixcontact:mguard_rs4000_4g_vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3125CAB7-ECEA-4FB7-9B2A-F2C25F29EE03", "versionEndIncluding": "8.6.0", "versionStartIncluding": "7.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:phoenixcontact:mguard_rs4000_4g_vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "34CB4439-3EEA-40A1-A2AE-3594A8DB7AA3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages."}, {"lang": "es", "value": "Se ha descubierto un problema de validaci\u00f3n indebida de valores de comprobaci\u00f3n de integridad en PHOENIX CONTACT mGuard, en versiones de firmware 7.2 a 8.6.0. Los dispositivos mGuard dependen de sumas de verificaci\u00f3n internas para verificar la integridad interna de los paquetes de actualizaci\u00f3n. La verificaci\u00f3n podr\u00eda no realizarse siempre correctamente, lo que permite que un atacante modifique paquetes de actualizaci\u00f3n de firmware."}], "id": "CVE-2018-5441", "lastModified": "2019-10-09T23:41:21.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-30T20:29:00.457", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/102907"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert.vde.com/en-us/advisories/vde-2018-001"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-354"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}