VDE-2024-029
Last update
11.06.2024 08:00
Published at
11.06.2024 08:00
Vendor(s)
Phoenix Contact GmbH & Co. KG
External ID
VDE-2024-029
Summary
The OpenSSL library used in the affected products is vulnerable to an unbounded growth of the session cache in the TLSv1.3 implementation.
Impact
A remote attacker can exhaust all memory by establishing a large number of TLSv1.3 connections to the web interface, causing the device to reboot.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 1153079 | FL MGUARD 1102 | Firmware <1.8.0 |
| 1153078 | FL MGUARD 1105 | Firmware <1.8.0 |
Vulnerabilities
Published
10.02.2026 14:06
Severity
Weakness
Improperly Controlled Sequential Memory Allocation (CWE-1325)
References
Mitigation
Phoenix Contact recommends that customers restrict network access to the device's web interface to as few networks as possible.
Acknowledgments
Phoenix Contact GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com)
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 11.06.2024 08:00 | Initial revision. |