Summary
The integrity of the mGuard firmware atomic update process cannot be guaranteed under all circumstances.
The mGuard atomic update mechanism relies on internal checksums for the integrity verification of some portions of the update packages. The verification of these internal checksums may not always be performed correctly.
Impact
The mGuard only allows the installation of firmware updates digitally signed by Phoenix Contact (Innominate). The atomic update mechanism that was introduced with mGuard 7.2.0 to support the current generation of devices relies on internal checksums for the verification of the internal integrity of some portions of the update packages. As the verification may not always be performed correctly, an attacker might modify firmware update packages.
This vulnerability is present in all mGuard releases since 7.2.0 on the listed devices but does not affect the current mGuard 8.6.1 release.
Firmware images used to completely flash the device are not affected by this vulnerability.
Affected Product(s)
Model no. | Product name | Affected versions |
---|---|---|
 | FL MGUARD CENTERPORT | Software 7.2<=8.6.0 |
 | FL MGUARD CORE TX VPN | Software 7.2<=8.6.0 |
 | FL MGUARD DELTA TX/TX | Software 7.2<=8.6.0 |
 | FL MGUARD DELTA TX/TX VPN | Software 7.2<=8.6.0 |
 | FL MGUARD GT/GT | Software 7.2<=8.6.0 |
 | FL MGUARD GT/GT VPN | Software 7.2<=8.6.0 |
 | FL MGUARD PCI4000 VPN | Software 7.2<=8.6.0 |
 | FL MGUARD PCIE4000 VPN | Software 7.2<=8.6.0 |
 | FL MGUARD RS2000 3G VPN | Software 7.2<=8.6.0 |
 | FL MGUARD RS2000 4G VPN | Software 7.2<=8.6.0 |
 | FL MGUARD RS2000 TX/TX VPN | Software 7.2<=8.6.0 |
 | FL MGUARD RS2000 TX/TX-B | Software 7.2<=8.6.0 |
 | FL MGUARD RS2005 TX VPN | Software 7.2<=8.6.0 |
 | FL MGUARD RS4000 3G VPN | Software 7.2<=8.6.0 |
 | FL MGUARD RS4000 4G VPN | Software 7.2<=8.6.0 |
 | FL MGUARD RS4000 TX/TX | Software 7.2<=8.6.0 |
 | FL MGUARD RS4000 TX/TX VPN | Software 7.2<=8.6.0 |
 | FL MGUARD RS4000 TX/TX VPN-M | Software 7.2<=8.6.0 |
 | FL MGUARD RS4000 TX/TX-P | Software 7.2<=8.6.0 |
 | FL MGUARD RS4004 TX/DTX | Software 7.2<=8.6.0 |
 | FL MGUARD RS4004 TX/DTX VPN | Software 7.2<=8.6.0 |
 | FL MGUARD SMART2 | Software 7.2<=8.6.0 |
 | FL MGUARD SMART2 VPN | Software 7.2<=8.6.0 |
Vulnerabilities
An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. mGuard devices rely on internal checksums for verification of the internal integrity of the update packages. Verification may not always be performed correctly, allowing an attacker to modify firmware update packages.
Remediation
We strongly advise all mGuard users to upgrade to firmware version 8.6.1.
Also affected are discontinued mGuard products from PHOENIX CONTACT and Innominate AG running firmware version 7.2.0 or above.
Revision History
Version | Date | Summary |
---|---|---|
1 | 30.01.2018 10:00 | Initial revision. |
2 | 15.01.2025 12:00 | update publisher details |
3 | 14.05.2025 14:28 | Fix: version space, firmware category, added distribution |