Remote code execution PHOENIX CONTACT mGuard
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-5441 |
| CWE-ID | CWE-416 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
MGUARD RS4000 4G VPN Hardware solutions / Firmware MGUARD RS2000 4G VPN Hardware solutions / Firmware MGUARD CORE TX VPN Hardware solutions / Firmware MGUARD RS4000 3G VPN Hardware solutions / Firmware MGUARD RS2000 3G VPN Hardware solutions / Firmware MGUARD SMART2 VPN Hardware solutions / Firmware MGUARD SMART2 Hardware solutions / Firmware MGUARD RS4004 TX/DTX VPN Hardware solutions / Firmware MGUARD RS4004 TX/DTX Hardware solutions / Firmware MGUARD RS4000 TX/TX-P Hardware solutions / Firmware MGUARD RS4000 TX/TX VPN-M Hardware solutions / Firmware MGUARD RS4000 TX/TX VPN Hardware solutions / Firmware MGUARD RS4000 TX/TX Hardware solutions / Firmware MGUARD RS2005 TX VPN Hardware solutions / Firmware MGUARD RS2000 TX/TX-B Hardware solutions / Firmware MGUARD RS2000 TX/TX VPN Hardware solutions / Firmware MGUARD PCIE4000 VPN Hardware solutions / Firmware MGUARD PCI4000 VPN Hardware solutions / Firmware MGUARD GT/GT VPN Hardware solutions / Firmware MGUARD GT/GT Hardware solutions / Firmware MGUARD DELTA TX/TX VPN Hardware solutions / Firmware MGUARD DELTA TX/TX Hardware solutions / Firmware MGUARD CENTERPORT Hardware solutions / Firmware |
| Vendor | Phoenix Contact GmbH |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Use-after-free
EUVDB-ID: #VU6325
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-5441
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when holding a selection during scroll events. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate to version 8.6.1.
Vulnerable software versionsMGUARD RS4000 4G VPN: All versions
MGUARD RS2000 4G VPN: All versions
MGUARD CORE TX VPN: All versions
MGUARD RS4000 3G VPN: All versions
MGUARD RS2000 3G VPN: All versions
MGUARD SMART2 VPN: All versions
MGUARD SMART2: All versions
MGUARD RS4004 TX/DTX VPN: All versions
MGUARD RS4004 TX/DTX: All versions
MGUARD RS4000 TX/TX-P: All versions
MGUARD RS4000 TX/TX VPN-M: All versions
MGUARD RS4000 TX/TX VPN: All versions
MGUARD RS4000 TX/TX: All versions
MGUARD RS2005 TX VPN: All versions
MGUARD RS2000 TX/TX-B: All versions
MGUARD RS2000 TX/TX VPN: All versions
MGUARD PCIE4000 VPN: All versions
MGUARD PCI4000 VPN: All versions
MGUARD GT/GT VPN: All versions
MGUARD GT/GT: All versions
MGUARD DELTA TX/TX VPN: All versions
MGUARD DELTA TX/TX: All versions
MGUARD CENTERPORT: All versions
CPE2.3- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs4000_4g_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs2000_4g_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_core_tx_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs4000_3g_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs2000_3g_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_smart2_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_smart2:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs4004_tx_dtx_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs4004_tx_dtx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs4000_tx_tx-p:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs4000_tx_tx_vpn-m:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs4000_tx_tx_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs4000_tx_tx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs2005_tx_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs2000_tx_tx-b:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_rs2000_tx_tx_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_pcie4000_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_pci4000_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_gt_gt_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_gt_gt:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_delta_tx_tx_vpn:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_delta_tx_tx:*:*:*:*:*:*:*:*
- cpe:2.3:h:phoenix_contact_gmbh:mguard_centerport:*:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
