PHOENIX CONTACT Advisory for mGuard products
VDE-2018-001 (2018-01-30 10:01 UTC+0200)
CVE Identifier
CVE-2018-5441
Affected Vendors
PHOENIX CONTACT, Innominate Security Technologies
Affected Products
mGuard firmware version 7.2 to 8.6.0
Vulnerability Type
Improper Validation of Integrity Check Value (CWE-354)
Summary
The integrity of the mGuard firmware atomic update process cannot be guaranteed under all circumstances.
The mGuard atomic update mechanism relies on internal checksums for the integrity verification of some portions of the update packages. The verification of these internal checksums may not always be performed correctly.
Impact
The mGuard only allows the installation of firmware updates digitally signed by Phoenix Contact (Innominate). The atomic update mechanism that was introduced with mGuard 7.2.0 to support the current generation of devices relies on internal checksums for the verification of the internal integrity of some portions of the update packages. As the verification may not always be performed correctly, an attacker might modify firmware update packages.
This vulnerability is present in all mGuard releases since 7.2.0 on the listed devices but does not affect the current mGuard 8.6.1 release.
Firmware images used to completely flash the device are not affected by this vulnerability.
Solution
We strongly advise all mGuard users to upgrade to the firmware version 8.6.1.
Also affected are discontinued mGuard products from PHOENIX CONTACT and Innominate AG running firmware version 7.2.0 or above.
SHA-512 Checksums
Update_8.6.1_MPC.zip
5672E68B9062EEA634AB5BC9424B40EFF587A11C132FB3018B8E0565A3A01C6F9A3DCAE13E0B47683BDC734D1B1C56AE3998C65BBC9576EEC36F6340CB1DB053
Update_8.6.1_X86.zip
7FED3804E8B934E83BA9B42C41EE12EA380A1B4D7734B91ECA4C957E3CFB590C9A3E764EC13F02A84938D2EB4AF5224F13E8D73DB565140AC670B79144C0AB88
Update_8.6.1_TC3G_MPC.zip
DB7294FE40DEE2F6C85C7DF747520F26C7FDA9FDAD52F0CEED19F8370BC48CDF428DEB8B29A9C41B741264229213D4C65E6D1481396E3F2513F72DEBF1CB2947
Update_8.6.1_TC4G_MPC.zip
34EB967764EBA936BE1A310AA77DCE9D44D3ECE6E07A353928723C387AA5FC4768B9E4DA446FB0568ADE9F928E18E544EE9EA524BE7499CE016A746E57623C66
mguard-firmware-repositories-8.6.1_mpc.zip
29C9276DD44FB315F250376C4DDAF6F93B5CC4512AD3F006FC0B62CD85125D8DFFB57897BED0EB3B0C5B0CF256FF8CF3619F83E96444D88E3FF897BEF859BBF1
mguard-firmware-repositories-8.6.1_x86.zip
D8C73FA959849563DF56607D567F0FFD1F739F2EC3043298A90C424745BCB594165A87938A02B1129F4437E3E444E94E30F8900FB3DD98FBCDD97EA56B9CF200
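The checksum list above is only useful if it is actually checked before an update package is installed. The following script is an added example written for this advisory; it is not a Phoenix Contact tool. It carries the file names and SHA-512 digests exactly as published above, streams each downloaded archive through SHA-512, and reports per file whether it matches, mismatches, or has not been downloaded. The download directory passed on the command line is an assumption; the advisory does not prescribe one. One practical detail it handles: the advisory prints digests in upper case while most tools emit lower case, so the comparison normalises case before matching.

```python
"""Verify downloaded mGuard 8.6.1 update packages against the SHA-512
checksums published in advisory VDE-2018-001.

Added example for this advisory, not Phoenix Contact tooling. The names
and digests in MANIFEST are the values printed in the advisory; the
directory holding the downloads is an assumed command-line argument."""
import hashlib
import hmac
import os
import sys

# File name -> SHA-512 hex digest, as published in the advisory.
MANIFEST = {
    "Update_8.6.1_MPC.zip":
        "5672E68B9062EEA634AB5BC9424B40EFF587A11C132FB3018B8E0565A3A01C6F"
        "9A3DCAE13E0B47683BDC734D1B1C56AE3998C65BBC9576EEC36F6340CB1DB053",
    "Update_8.6.1_X86.zip":
        "7FED3804E8B934E83BA9B42C41EE12EA380A1B4D7734B91ECA4C957E3CFB590C"
        "9A3E764EC13F02A84938D2EB4AF5224F13E8D73DB565140AC670B79144C0AB88",
    "Update_8.6.1_TC3G_MPC.zip":
        "DB7294FE40DEE2F6C85C7DF747520F26C7FDA9FDAD52F0CEED19F8370BC48CDF"
        "428DEB8B29A9C41B741264229213D4C65E6D1481396E3F2513F72DEBF1CB2947",
    "Update_8.6.1_TC4G_MPC.zip":
        "34EB967764EBA936BE1A310AA77DCE9D44D3ECE6E07A353928723C387AA5FC47"
        "68B9E4DA446FB0568ADE9F928E18E544EE9EA524BE7499CE016A746E57623C66",
    "mguard-firmware-repositories-8.6.1_mpc.zip":
        "29C9276DD44FB315F250376C4DDAF6F93B5CC4512AD3F006FC0B62CD85125D8D"
        "FFB57897BED0EB3B0C5B0CF256FF8CF3619F83E96444D88E3FF897BEF859BBF1",
    "mguard-firmware-repositories-8.6.1_x86.zip":
        "D8C73FA959849563DF56607D567F0FFD1F739F2EC3043298A90C424745BCB594"
        "165A87938A02B1129F4437E3E444E94E30F8900FB3DD98FBCDD97EA56B9CF200",
}


def sha512_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-512 so large archives need little memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_package(path, expected_hex):
    """True only if the file's SHA-512 equals expected_hex.

    The advisory prints upper-case hex and hashlib emits lower-case, so
    both sides are normalised; compare_digest keeps the comparison free
    of early-exit timing differences."""
    actual = sha512_file(path).lower()
    return hmac.compare_digest(actual, expected_hex.lower())


def verify_manifest(update_dir, manifest=MANIFEST):
    """Check every listed package under update_dir.

    Returns {file name: 'ok' | 'MISMATCH' | 'missing'}; 'missing' marks a
    package that was not downloaded rather than one that failed."""
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(update_dir, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif verify_package(path, expected):
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


if __name__ == "__main__":
    # Assumed usage: python verify_mguard_update.py /path/to/downloads
    download_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    outcome = verify_manifest(download_dir)
    for file_name, status in outcome.items():
        print(f"{status:9s} {file_name}")
    # Non-zero exit on any mismatch so an install script can refuse to proceed.
    sys.exit(1 if "MISMATCH" in outcome.values() else 0)
```

A package reported as MISMATCH should be discarded and downloaded again from the vendor rather than installed; a result of "missing" just means that package type was not fetched, which is normal when only one platform is in use.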
Reported by
PHOENIX CONTACT reported this vulnerability to CERT@VDE.