Back to overview

PHOENIX CONTACT: mGuard IKE daemon remote denial of service

VDE-2017-001
Last update
05/22/2025 15:03
Published at
03/07/2017 12:05
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2017-001
CSAF Document
Download

Summary

Openswan 2.6.39 and earlier, which is used in the mGuard firmware version 8.0.0 to 8.5.1, allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

Impact

Specially crafted IKEv2 packets may force an IKE daemon restart and force a restart of all IPsec connections. There is no access to sensitive information or tunnel content possible by this attack.

Affected Product(s)

Model no. Product name Affected versions
2702547 Phoenix Contact Hardware mGuard FL MGUARD CENTERPORT Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2700967 Phoenix Contact Hardware mGuard FL MGUARD DELTA TX/TX Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2700968 Phoenix Contact Hardware mGuard FL MGUARD DELTA TX/TX VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2700197 Phoenix Contact Hardware mGuard FL MGUARD GT/GT Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2700198 Phoenix Contact Hardware mGuard FL MGUARD GT/GT VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2701274 Phoenix Contact Hardware mGuard FL MGUARD PCI4000 Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2701275 Phoenix Contact Hardware mGuard FL MGUARD PCI4000 VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2701278 Phoenix Contact Hardware mGuard FL MGUARD PCIE4000 VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2989310 Phoenix Contact Hardware mGuard FL MGUARD RS Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2989718 Phoenix Contact Hardware mGuard FL MGUARD RS VPN ANALOG Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2700642 Phoenix Contact Hardware mGuard FL MGUARD RS2000 TX/TX VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2701875 Phoenix Contact Hardware mGuard FL MGUARD RS2005 TX VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2700634 Phoenix Contact Hardware mGuard FL MGUARD RS4000 TX/TX Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2200515 Phoenix Contact Hardware mGuard FL MGUARD RS4000 TX/TX VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2702465 Phoenix Contact Hardware mGuard FL MGUARD RS4000 TX/TX VPN-M Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2702259 Phoenix Contact Hardware mGuard FL MGUARD RS4000 TX/TX-P Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2701876 Phoenix Contact Hardware mGuard FL MGUARD RS4004 TX/DTX Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2701877 Phoenix Contact Hardware mGuard FL MGUARD RS4004 TX/DTX VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2700640 Phoenix Contact Hardware mGuard FL MGUARD SMART2 Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2700639 Phoenix Contact Hardware mGuard FL MGUARD SMART2 VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2903441 Phoenix Contact Hardware mGuard TC MGUARD RS2000 3G VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2903588 Phoenix Contact Hardware mGuard TC MGUARD RS2000 4G VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2903440 Phoenix Contact Hardware mGuard TC MGUARD RS4000 3G VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1
2903586 Phoenix Contact Hardware mGuard TC MGUARD RS4000 4G VPN Phoenix Contact Firmware mGuard 8.0.0<=8.5.1

Vulnerabilities

Expand / Collapse all

Published
09/22/2025 14:57
Weakness
NULL Pointer Dereference (CWE-476)
Summary

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

References
cve.org | nvd.nist.gov

Remediation

PHOENIX CONTACT and Innominate recommend all customers running mGuard devices with affected firmware versions to update to firmware version 8.5.2 or higher, which fixes this vulnerability. Updates can be found on the vendor's 'Downloads' page for each of the affected devices.

Revision History

Version Date Summary
1 03/07/2017 12:05 Initial revision.
2 10/30/2024 12:27 Fix: correct certvde domain, added self-reference
3 05/22/2025 15:03 Fix: version space, removed ia, quotation mark