7.8
CVE-2018-5441
- EPSS 0.04%
- Published 30.01.2018 20:29:00
- Last modified 21.11.2024 04:08:48
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
Data is provided by the National Vulnerability Database (NVD)
Phoenixcontact ≫ Mguard Centerport Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Delta Tx/tx Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Delta Tx/tx Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Gt/gt Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Gt/gt Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Pci4000 Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Pcie4000 Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs2000 Tx/tx Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs2000 Tx/tx-b Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs2005 Tx Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs4000 Tx/tx Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs4000 Tx/tx Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs4000 Tx/tx Vpn-m Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs4000 Tx/tx-p Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs4004 Tx/dtx Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs4004 Tx/dtx Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Smart2 Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Smart2 Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs2000 3g Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs4000 3g Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Core Tx Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs2000 4g Vpn Firmware Version >= 7.2.0 <= 8.6.0
Phoenixcontact ≫ Mguard Rs4000 4g Vpn Firmware Version >= 7.2.0 <= 8.6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.077 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.6 | 3.9 | 6.4 |
AV:L/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-354 Improper Validation of Integrity Check Value
The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.