Denial-of-Service vulnerability in PHOENIX CONTACT mGuard product family
CVE-2022-3480

7.5HIGH

Key Information:

Vendor: Phoenix Contact
Status: Fl Mguard Centerport; Fl Mguard Centerport Vpn-1000; Fl Mguard Core Tx; Fl Mguard Core Tx Vpn
Vendor: CVE Published:; 15 November 2022

🔔 Create Phoenix Contact Vulnerability Alert

What is CVE-2022-3480?

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.

Affected Version(s)

FL MGUARD CENTERPORT 0 < 8.9.0

FL MGUARD CENTERPORT VPN-1000 0 < 8.9.0

FL MGUARD CORE TX 0 < 8.9.0

References

https://cert.vde.com/en/advisories/VDE-2022-051/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2022
Vulnerability Reserved
Oct 13, 2022