Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

[Control systems] PHOENIX CONTACT mGuard security update

Number: AV18-023
Date: 31 January 2018

Purpose

The purpose of this advisory is to bring attention to a PHOENIX CONTACT security update for mGuard.

Assessment

PHOENIX CONTACT released a security updates for mGuard to address an improper validation of integrity IntegrityThe ability to protect information from being modified or deleted unintentionally or when it’s not supposed to be. Integrity helps determine that information is what it claims to be. Integrity also applies to business processes, software application logic, hardware, and personnel. check value. Successful exploitation of this vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. could allow for a malicious actor to modify firmware update packages.

Affected products:

- mGuard firmware versions 7.2 to 8.6.0

CVE Reference: CVE-2018-5441

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly. For more information, please refer to the ICS-CERT references.

References

https://ics-cert.us-cert.gov/advisories/ICSA-18-030-01

Date modified: