CVE-2020-12523
Phoenix Contact mGuard Devices versions before 8.8.3: LAN ports get functional after reboot even if they are disabled in the device configuration
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource
En Phoenix Contact mGuard Devices versiones anteriores a 8.8.3, los puertos LAN funcionan después del reinicio, inclusive si están desactivados en la configuración del dispositivo. Para los dispositivos mGuard con switch integrado en el lado de la LAN, los puertos switch únicos pueden ser desactivados mediante la configuración del dispositivo. Después de un reinicio, estos puertos se vuelven funcionales independientemente de su configuración: Falta la Inicialización del Recurso
*Credits:
Discovered by SMST Designers & Constructors B.V., Phoenix Contact reported to CERT@VDE
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-04-30 CVE Reserved
- 2020-12-17 CVE Published
- 2023-09-02 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-909: Missing Initialization of Resource
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://cert.vde.com/en-us/advisories/vde-2020-046 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phoenixcontact Search vendor "Phoenixcontact" | Tc Mguard Rs4000 4g Vzw Vpn Firmware Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Vzw Vpn Firmware" | < 8.8.3 Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Vzw Vpn Firmware" and version " < 8.8.3" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Tc Mguard Rs4000 4g Vzw Vpn Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Vzw Vpn" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Tc Mguard Rs4000 4g Att Vpn Firmware Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Att Vpn Firmware" | < 8.8.3 Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Att Vpn Firmware" and version " < 8.8.3" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Tc Mguard Rs4000 4g Att Vpn Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Att Vpn" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Fl Mguard Rs4004 Tx\/dtx Firmware Search vendor "Phoenixcontact" for product "Fl Mguard Rs4004 Tx\/dtx Firmware" | < 8.8.3 Search vendor "Phoenixcontact" for product "Fl Mguard Rs4004 Tx\/dtx Firmware" and version " < 8.8.3" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Fl Mguard Rs4004 Tx\/dtx Search vendor "Phoenixcontact" for product "Fl Mguard Rs4004 Tx\/dtx" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Fl Mguard Rs4004 Tx\/dtx Vpn Firmware Search vendor "Phoenixcontact" for product "Fl Mguard Rs4004 Tx\/dtx Vpn Firmware" | < 8.8.3 Search vendor "Phoenixcontact" for product "Fl Mguard Rs4004 Tx\/dtx Vpn Firmware" and version " < 8.8.3" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Fl Mguard Rs4004 Tx\/dtx Vpn Search vendor "Phoenixcontact" for product "Fl Mguard Rs4004 Tx\/dtx Vpn" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Tc Mguard Rs4000 3g Vpn Firmware Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 3g Vpn Firmware" | - | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Tc Mguard Rs4000 3g Vpn Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 3g Vpn" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Tc Mguard Rs4000 4g Vpn Firmware Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Vpn Firmware" | < 8.8.3 Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Vpn Firmware" and version " < 8.8.3" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Tc Mguard Rs4000 4g Vpn Search vendor "Phoenixcontact" for product "Tc Mguard Rs4000 4g Vpn" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Innominate Mguard Rs4000 4tx\/tx Firmware Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/tx Firmware" | < 8.8.3 Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/tx Firmware" and version " < 8.8.3" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Innominate Mguard Rs4000 4tx\/tx Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/tx" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Innominate Mguard Rs4000 4tx\/tx Vpn Firmware Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/tx Vpn Firmware" | < 8.8.3 Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/tx Vpn Firmware" and version " < 8.8.3" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Innominate Mguard Rs4000 4tx\/tx Vpn Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/tx Vpn" | - | - |
Safe
|
| Phoenixcontact Search vendor "Phoenixcontact" | Innominate Mguard Rs4000 4tx\/3g\/tx Vpn Firmware Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/3g\/tx Vpn Firmware" | < 8.8.3 Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/3g\/tx Vpn Firmware" and version " < 8.8.3" | - |
Affected
| in | Phoenixcontact Search vendor "Phoenixcontact" | Innominate Mguard Rs4000 4tx\/3g\/tx Vpn Search vendor "Phoenixcontact" for product "Innominate Mguard Rs4000 4tx\/3g\/tx Vpn" | - | - |
Safe
|