Vulnerabilities > CVE-2020-12523 - Missing Initialization of Resource vulnerability in Phoenixcontact products

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

phoenixcontact

CWE-909

NVD

Published: 2020-12-17

Updated: 2020-12-21

Summary

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

Vulnerable Configurations

Part	Description	Count
OS	Phoenixcontact Phoenixcontact TC Mguard Rs4000 4G VZW VPN Firmware * Phoenixcontact TC Mguard Rs4000 4G ATT VPN Firmware * Phoenixcontact FL Mguard Rs4004 Tx/Dtx Firmware * Phoenixcontact FL Mguard Rs4004 Tx/Dtx VPN Firmware * Phoenixcontact TC Mguard Rs4000 3G VPN Firmware - Phoenixcontact TC Mguard Rs4000 4G VPN Firmware * Phoenixcontact Innominate Mguard Rs4000 4Tx/Tx Firmware * Phoenixcontact Innominate Mguard Rs4000 4Tx/Tx VPN Firmware * Phoenixcontact Innominate Mguard Rs4000 4Tx/3G/Tx VPN Firmware *	9
Hardware	Phoenixcontact Phoenixcontact TC Mguard Rs4000 4G VZW VPN - Phoenixcontact TC Mguard Rs4000 4G ATT VPN - Phoenixcontact FL Mguard Rs4004 Tx/Dtx - Phoenixcontact FL Mguard Rs4004 Tx/Dtx VPN - Phoenixcontact TC Mguard Rs4000 3G VPN - Phoenixcontact TC Mguard Rs4000 4G VPN - Phoenixcontact Innominate Mguard Rs4000 4Tx/Tx - Phoenixcontact Innominate Mguard Rs4000 4Tx/Tx VPN - Phoenixcontact Innominate Mguard Rs4000 4Tx/3G/Tx VPN -	9

Common Weakness Enumeration (CWE)

CWE-909 - Missing Initialization of Resource

References

https://cert.vde.com/en-us/advisories/vde-2020-046