Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices

Plan Patch7.5VDE-2025-077Sep 9, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Two vulnerabilities exist in the jq JSON processor embedded in Phoenix Contact FL MGUARD 1102 and 1105 industrial security gateway devices (firmware versions before 1.8.1). The vulnerabilities are an integer overflow (CWE-190) and a buffer overflow (CWE-787). An authenticated attacker who can access the device's configuration interface and upload a malformed JSON configuration file can trigger these flaws during firmware configuration migration, causing the device to crash and interrupt network traffic filtering and security operations. The vulnerabilities require valid administrative credentials and direct access to the management interface.

What this means

What could happen

An authenticated attacker with access to the device's configuration interface could trigger integer overflow or buffer overflow flaws in the jq JSON processor, potentially causing the device to crash and disrupt network traffic filtering and gateway operations.

Who's at risk

FL MGUARD 1102 and 1105 industrial security appliances used as network gateways and firewalls in manufacturing facilities, critical infrastructure, and utility environments. Organizations responsible for network security appliance management and firmware updates should prioritize this patch.

How it could be exploited

An attacker with valid credentials to the FL MGUARD device's administrative interface could submit a malformed JSON configuration file that triggers an integer overflow or buffer overflow in the embedded jq processor during firmware configuration migration, causing a denial of service.

Prerequisites

Valid administrative credentials for the FL MGUARD device
Network access to the device's management interface (SSH, web UI, or API)
Ability to upload or modify configuration files

remotely exploitablelow complexityhigh CVSS score (7.5)

Exploitability

Low exploit probability (EPSS 0.6%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

FL MGUARD 1102<1.8.11.8.1

FL MGUARD 1105<1.8.11.8.1

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGRestrict administrative access to FL MGUARD devices to authorized engineering personnel only

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

FL MGUARD 1102

HOTFIXUpdate FL MGUARD 1102 and 1105 devices to firmware version 1.8.1 or later

Long-term hardening

0/1

HARDENINGImplement network segmentation to limit management interface access to a dedicated engineering VLAN

CVEs (2)

CVE-2024-23337 CVE-2025-48060

View full CERT@VDE advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c377809c-073a-46fd-88dd-d93038835871