OTPulse

PHOENIX CONTACT mGuard Device Manager

Act Now 9
ICS-CERT ICSA-17-262-01
Sep 19, 2017
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

mGuard Device Manager versions 1.8.0 and older contain an access control vulnerability (CWE-284) that allows unauthenticated remote attackers to access administrative functions. No vendor patch is available. The vulnerability affects centralized management of Phoenix Contact mGuard firewalls used to protect industrial control system networks.

What this means
What could happen
An attacker without credentials could remotely access the mGuard Device Manager and gain unauthorized control, potentially allowing modification of firewall rules, network configurations, or access policies on protected industrial networks and devices.
Who's at risk
Phoenix Contact mGuard Device Manager is used in utility and critical infrastructure environments for centralized management of mGuard firewalls and access control devices protecting OT networks. Organizations relying on mGuard for network security should assess whether they are running version 1.8.0 or older.
How it could be exploited
An attacker on the network sends unauthenticated requests to the mGuard Device Manager interface. Due to insufficient access controls (CWE-284), the attacker can directly interact with administrative functions without providing valid credentials. They can then modify configurations or extract sensitive information.
Prerequisites
  • Network access to the mGuard Device Manager interface (typically port 443 or 80)
  • Device is reachable from an attacker's network position (internal or external depending on network segmentation)
remotely exploitable, no authentication required, low complexity, no patch available, affects security/access control systems
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
Product | Affected Versions | Fix Status
mGuard Device Manager: 1.8.0 and older | ≥ 1.8.0 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Immediately restrict network access to the mGuard Device Manager using a firewall; allow only authorized engineering workstations and management systems to connect on the device management ports.
HARDENING: Disable remote access to the Device Manager if not required; restrict management traffic to a dedicated, segmented management network.
Mitigations - no patch available
mGuard Device Manager: 1.8.0 and older has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Monitor access logs to the mGuard Device Manager for unauthorized connection attempts or configuration changes.