Innominate mGuard Unauthorized Leakage of System Data
Low Risk · ICS-CERT ICSA-14-189-02 · Apr 10, 2014
Summary
Innominate mGuard firmware versions 4.0.0 through 8.0.1 contain an unauthorized information disclosure vulnerability (CWE-200). The device does not properly enforce access controls, allowing an attacker with network access to read sensitive system data including configuration information and potentially credentials without authentication. This affects mGuard devices used as network security gateways and industrial firewalls.
What this means
What could happen
An attacker with network access to the mGuard could read sensitive system data such as configuration files or credentials, potentially compromising authentication or revealing network topology information.
Who's at risk
Organizations using Innominate mGuard devices for network security or industrial gateway functions should care about this issue. The mGuard is typically deployed to protect critical OT networks and secure communications between operational networks and corporate systems, so exposure of system data could reveal credentials or configuration details needed to further compromise the plant network.
How it could be exploited
An attacker on the network sends requests to the mGuard device to access system files or data endpoints that should be restricted. The device does not properly validate access controls, allowing unauthorized information disclosure without authentication.
Prerequisites
- Network access to the mGuard device
- mGuard firmware version 4.0.0 through 8.0.1
remotely exploitable · no authentication required · no patch available · information disclosure
Exploitability
Moderate exploit probability (EPSS 1.8%)
Affected products (1)
Product: Innominate mGuard firmware: >=4.0.0|<8.0.2
Affected Versions: ≥ 4.0.0|<8.0.2
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Review and restrict access to the mGuard device using firewall rules to limit which IP addresses and networks can communicate with it
Mitigations - no patch available
Innominate mGuard firmware: >=4.0.0|<8.0.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Implement network segmentation to restrict access to the mGuard to only authorized administrative networks
- HARDENING: Monitor the mGuard for suspicious data access attempts or unexpected outbound connections
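One way to check the compensating controls above, as an added example that is not part of the advisory or any vendor tooling: it finds inventory entries in the affected firmware range and flags permitted flows that reach them from outside the administrative network. The inventory, admin subnet, flow-record format and every address and timestamp are constructed assumptions.

```python
import ipaddress

# Affected range as stated in the advisory: >= 4.0.0 and < 8.0.2
AFFECTED_MIN, AFFECTED_MAX_EXCL = (4, 0, 0), (8, 0, 2)

# Constructed sample data (hypothetical site, documentation address ranges)
ADMIN_NETS = [ipaddress.ip_network("10.10.50.0/28")]
INVENTORY = {"192.0.2.10": "7.6.8", "192.0.2.11": "8.0.2", "192.0.2.12": "4.2.1"}
# Assumed record format: timestamp source destination dest-port action
FLOWS = """\
2014-07-08T09:14:02Z 10.10.50.4 192.0.2.10 443 ALLOW
2014-07-08T09:15:40Z 10.20.7.31 192.0.2.10 443 ALLOW
2014-07-08T09:16:05Z 10.20.7.31 192.0.2.11 443 ALLOW
2014-07-08T09:17:12Z 198.51.100.23 192.0.2.12 22 ALLOW
2014-07-08T09:18:00Z 198.51.100.23 192.0.2.12 443 DENY
"""

def parse_version(text):
    """Turn '8.0.1' into (8, 0, 1); missing components count as 0."""
    parts = [int(p) for p in text.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True when the firmware version falls inside the advisory's range."""
    return AFFECTED_MIN <= parse_version(version) < AFFECTED_MAX_EXCL

def unauthorized_flows(flow_text, inventory, admin_nets):
    """Return permitted flows to affected devices from non-admin sources."""
    affected = {ip for ip, ver in inventory.items() if is_affected(ver)}
    hits = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        ts, src, dst, port, action = fields
        if dst not in affected or action != "ALLOW":
            continue  # unaffected device, or already blocked upstream
        if not any(ipaddress.ip_address(src) in net for net in admin_nets):
            hits.append((ts, src, dst, int(port)))
    return hits

if __name__ == "__main__":
    for hit in unauthorized_flows(FLOWS, INVENTORY, ADMIN_NETS):
        print("non-admin access to affected mGuard:", hit)
```

Every flagged flow is a path the segmentation and firewall rules should have closed; an empty result on real records indicates the restriction is holding for the traffic that was logged.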
CVEs (1)