Headline
CVE-2022-3480: VDE-2022-051 | CERT@VDE
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.
2022-11-15 10:27 (CET) VDE-2022-051
PHOENIX CONTACT: Denial-of-Service vulnerability in mGuard product family
Share: Email | Twitter
Published
2022-11-15 10:27 (CET)
Last update
2022-11-15 10:27 (CET)
Vendor(s)
PHOENIX CONTACT GmbH & Co. KG
Product(s)
Article No°
Product Name
Affected Version(s)
2702547
FL MGUARD CENTERPORT
< 8.9.0
2702820
FL MGUARD CENTERPORT VPN-1000
< 8.9.0
2702884
FL MGUARD CORE TX
< 8.9.0
2702831
FL MGUARD CORE TX VPN
< 8.9.0
2700967
FL MGUARD DELTA TX/TX
< 8.9.0
2700968
FL MGUARD DELTA TX/TX VPN
< 8.9.0
2700197
FL MGUARD GT/GT
< 8.9.0
2700198
FL MGUARD GT/GT VPN
< 8.9.0
2701274
FL MGUARD PCI4000
< 8.9.0
2701275
FL MGUARD PCI4000 VPN
< 8.9.0
2701277
FL MGUARD PCIE4000
< 8.9.0
2701278
FL MGUARD PCIE4000 VPN
< 8.9.0
2702139
FL MGUARD RS2000 TX/TX-B
< 8.9.0
2700642
FL MGUARD RS2000 TX/TX VPN
< 8.9.0
2701875
FL MGUARD RS2005 TX VPN
< 8.9.0
2700634
FL MGUARD RS4000 TX/TX
< 8.9.0
2702470
FL MGUARD RS4000 TX/TX-M
< 8.9.0
2702259
FL MGUARD RS4000 TX/TX-P
< 8.9.0
2200515
FL MGUARD RS4000 TX/TX VPN
< 8.9.0
2701876
FL MGUARD RS4004 TX/DTX
< 8.9.0
2701877
FL MGUARD RS4004 TX/DTX VPN
< 8.9.0
2700640
FL MGUARD SMART2
< 8.9.0
2700639
FL MGUARD SMART2 VPN
< 8.9.0
2903441
TC MGUARD RS2000 3G VPN
< 8.9.0
1010464
TC MGUARD RS2000 4G ATT VPN
< 8.9.0
2903588
TC MGUARD RS2000 4G VPN
< 8.9.0
1010462
TC MGUARD RS2000 4G VZW VPN
< 8.9.0
2903440
TC MGUARD RS4000 3G VPN
< 8.9.0
1010463
TC MGUARD RS4000 4G ATT VPN
< 8.9.0
2903586
TC MGUARD RS4000 4G VPN
< 8.9.0
1010461
TC MGUARD RS4000 4G VZW VPN
< 8.9.0
Summary
A denial of service of the HTTPS management interface of PHOENIX CONTACT FL MGUARD and TC MGUARD devices can be triggered by a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.
CVE ID
Severity
Weakness
Allocation of Resources Without Limits or Throttling (CWE-770)
Summary
A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.
Source
Solution
Mitigation
Don’t allow access to the HTTPS management interface from untrusted networks.
In the default configuration, the access is only allowed from internal interfaces.
Remediation
The vulnerability is fixed in firmware version 8.9.0. We strongly recommend all affected users to upgrade to this or a later version.
Reported by
This vulnerability was discovered by Alpha Strike Labs GmbH, Berlin.
We kindly appreciate the coordinated disclosure of this vulnerability by the finder.
PHOENIX CONTACT thanks CERT@VDE for the coordination and support with this publication.