Back to overview

Phoenix Contact: Unbounded growth of the session cache in TCP encapsulation service in FL MGUARD 2xxx and 4xxx firmware

VDE-2025-109
Last update
02/23/2026 15:00
Published at
02/10/2026 09:00
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2025-109
CSAF Document
Download

Summary

The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.

Impact

A remote attacker can exhaust all the memory by establishing a large number of TLSv1.3 connections to the TCP encapsulation service, causing the device to reboot.

Affected Product(s)

Model no. Product name Affected versions
OpenSSL 3.0.13, 3.0.0
1357828 FL MGUARD 2102 Firmware 10.5.0
1357850 FL MGUARD 2105 Firmware 10.5.0
1441187 FL MGUARD 4102 PCI Firmware 10.5.0
1357842 FL MGUARD 4102 PCIE Firmware 10.5.0
1357840 FL MGUARD 4302 Firmware 10.5.0
1357875 FL MGUARD 4305 Firmware 10.5.0

Vulnerabilities

Expand / Collapse all

Published
02/23/2026 15:22
Severity
5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
Improperly Controlled Sequential Memory Allocation (CWE-1325)
Summary

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.

References
cve.org | nvd.nist.gov

Mitigation

It is recommended to disable TCP encapsulation on affected mGuard devices and use Pathfinder instead.

Remediation

Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 10.6.0 or higher which fixes this vulnerability.

Acknowledgments

Phoenix Contact GmbH & Co. KG thanks the following parties for their efforts:

Revision History

Version Date Summary
1.0.0 02/10/2026 09:00 Initial release.
1.0.1 02/23/2026 15:00 Updated category type in product tree.