Number: AV18-023
Date: 31 January 2018
Purpose
The purpose of this advisory is to bring attention to a PHOENIX CONTACT security update for mGuard.
Assessment
PHOENIX CONTACT released a security updates for mGuard to address an improper validation of integrity check value. Successful exploitation of this vulnerability could allow for a malicious actor to modify firmware update packages.
Affected products:
- mGuard firmware versions 7.2 to 8.6.0
CVE Reference: CVE-2018-5441
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly. For more information, please refer to the ICS-CERT references.