PHOENIX CONTACT: Denial-of-Service vulnerability in mGuard product family

VDE-2022-051
Last update: 05/22/2025 15:03
Published at: 11/15/2022 10:27
Vendor(s): Phoenix Contact GmbH & Co. KG
External ID: VDE-2022-051

Summary

A denial of service of the HTTPS management interface of PHOENIX CONTACT FL MGUARD and TC MGUARD devices can be triggered by a large number of unauthenticated HTTPS connections originating from different source IP addresses. Configuring firewall limits for incoming connections cannot prevent the issue.

Impact

Affected Product(s)

Model no.  Product name                    Affected versions
2702547    FL MGUARD CENTERPORT            Firmware <8.9.0
2702820    FL MGUARD CENTERPORT VPN-1000   Firmware <8.9.0
2702884    FL MGUARD CORE TX               Firmware <8.9.0
2702831    FL MGUARD CORE TX VPN           Firmware <8.9.0
2700967    FL MGUARD DELTA TX/TX           Firmware <8.9.0
2700968    FL MGUARD DELTA TX/TX VPN       Firmware <8.9.0
2700197    FL MGUARD GT/GT                 Firmware <8.9.0
2700198    FL MGUARD GT/GT VPN             Firmware <8.9.0
2701274    FL MGUARD PCI4000               Firmware <8.9.0
2701275    FL MGUARD PCI4000 VPN           Firmware <8.9.0
2701277    FL MGUARD PCIE4000              Firmware <8.9.0
2701278    FL MGUARD PCIE4000 VPN          Firmware <8.9.0
2700642    FL MGUARD RS2000 TX/TX VPN      Firmware <8.9.0
2702139    FL MGUARD RS2000 TX/TX-B        Firmware <8.9.0
2701875    FL MGUARD RS2005 TX VPN         Firmware <8.9.0
2700634    FL MGUARD RS4000 TX/TX          Firmware <8.9.0
2200515    FL MGUARD RS4000 TX/TX VPN      Firmware <8.9.0
2702470    FL MGUARD RS4000 TX/TX-M        Firmware <8.9.0
2702259    FL MGUARD RS4000 TX/TX-P        Firmware <8.9.0
2701876    FL MGUARD RS4004 TX/DTX         Firmware <8.9.0
2701877    FL MGUARD RS4004 TX/DTX VPN     Firmware <8.9.0
2700640    FL MGUARD SMART2                Firmware <8.9.0
2700639    FL MGUARD SMART2 VPN            Firmware <8.9.0
2903441    TC MGUARD RS2000 3G VPN         Firmware <8.9.0
1010464    TC MGUARD RS2000 4G ATT VPN     Firmware <8.9.0
2903588    TC MGUARD RS2000 4G VPN         Firmware <8.9.0
1010462    TC MGUARD RS2000 4G VZW VPN     Firmware <8.9.0
2903440    TC MGUARD RS4000 3G VPN         Firmware <8.9.0
1010463    TC MGUARD RS4000 4G ATT VPN     Firmware <8.9.0
2903586    TC MGUARD RS4000 4G VPN         Firmware <8.9.0
1010461    TC MGUARD RS4000 4G VZW VPN     Firmware <8.9.0

Vulnerabilities

Published: 09/22/2025 14:57
Weakness: Allocation of Resources Without Limits or Throttling (CWE-770)
Summary

A remote, unauthenticated attacker could cause a denial of service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a large number of unauthenticated HTTPS connections originating from different source IP addresses. Configuring firewall limits for incoming connections cannot prevent the issue.

Mitigation

Don't allow access to the HTTPS management interface from untrusted networks. In the default configuration, access is only allowed from internal interfaces.
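
One way to check that this mitigation holds and to spot the connection pattern described in the summary, as an added example that is not part of the advisory or Phoenix Contact code. The log format, trusted range, port 443, window and threshold are all assumptions, and the log lines are constructed.

```python
from collections import deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions, not values from the advisory: adjust to your environment.
TRUSTED_NETS = [ip_network("192.168.1.0/24")]  # internal management network
WINDOW = timedelta(seconds=60)                 # sliding window length
MAX_DISTINCT_SOURCES = 5                       # alert above this many sources

# Constructed sample log, one connection per line, sorted by time:
# "<ISO timestamp> <source IP> <destination port>"
SAMPLE_LOG = (
    "2025-01-01T10:00:00 192.168.1.10 443\n"
    "2025-01-01T10:00:05 192.168.1.11 22\n"
    + "".join(f"2025-01-01T10:05:{i:02d} 203.0.113.{i} 443\n" for i in range(1, 9))
)

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_NETS)

def audit(log_text, mgmt_port=443):
    """Return (untrusted source IPs, [(alert start time, distinct sources)])."""
    untrusted, alerts = set(), []
    window = deque()   # (timestamp, source) pairs no older than WINDOW
    alerting = False   # report each burst once, when it first crosses the limit
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, src_text, port_text = line.split()
        if int(port_text) != mgmt_port:
            continue   # not the HTTPS management interface
        ts, src = datetime.fromisoformat(ts_text), ip_address(src_text)
        if not is_trusted(src):
            untrusted.add(str(src))   # mitigation gap: reachable from outside
        window.append((ts, src))
        while ts - window[0][0] > WINDOW:
            window.popleft()
        distinct = len({s for _, s in window})
        if distinct > MAX_DISTINCT_SOURCES and not alerting:
            alerts.append((ts.isoformat(), distinct))
        alerting = distinct > MAX_DISTINCT_SOURCES
    return sorted(untrusted), alerts

if __name__ == "__main__":
    outside, bursts = audit(SAMPLE_LOG)
    print("untrusted sources:", outside)
    print("bursts:", bursts)
```

Any entry in the first result means the management interface is reachable from outside the trusted ranges, which is the exposure the mitigation rules out.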

Remediation

The vulnerability is fixed in firmware version 8.9.0. We strongly recommend that all affected users upgrade to this or a later version.

Revision History

Version  Date              Summary
1        11/15/2022 10:27  Initial revision.
2        05/22/2025 15:03  Fix: added distribution, quotation mark