Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family
CVE-2022-3480

7.5HIGH

Key Information:

Vendor
Phoenix Contact
Status
Fl Mguard Centerport
Fl Mguard Centerport Vpn-1000
Fl Mguard Core Tx
Fl Mguard Core Tx Vpn
Vendor
CVE Published:
15 November 2022

Summary

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.

Affected Version(s)

FL MGUARD CENTERPORT 0 < 8.9.0

FL MGUARD CENTERPORT VPN-1000 0 < 8.9.0

FL MGUARD CORE TX 0 < 8.9.0

References

https://cert.vde.com/en/advisories/VDE-2022-051/

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-3480 : Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family | SecurityVulnerability.io