CVE-2022-3480

Summary

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.

Affected Software

VendorProductVersion RangeStatus
PHOENIX CONTACTFL MGUARD CENTERPORT0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD CENTERPORT VPN-10000 < 8.9.0affected
PHOENIX CONTACTFL MGUARD CORE TX0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD CORE TX VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD DELTA TX/TX0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD DELTA TX/TX VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD GT/GT0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD GT/GT VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD PCI40000 < 8.9.0affected
PHOENIX CONTACTFL MGUARD PCI4000 VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD PCIE40000 < 8.9.0affected
PHOENIX CONTACTFL MGUARD PCIE4000 VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS2000 TX/TX-B0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS2000 TX/TX VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS2005 TX VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS4000 TX/TX0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS4000 TX/TX-M0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS4000 TX/TX-P0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS4000 TX/TX VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS4004 TX/DTX0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD RS4004 TX/DTX VPN0 < 8.9.0affected
PHOENIX CONTACTFL MGUARD SMART20 < 8.9.0affected
PHOENIX CONTACTFL MGUARD SMART2 VPN0 < 8.9.0affected
PHOENIX CONTACTTC MGUARD RS2000 3G VPN0 < 8.9.0affected
PHOENIX CONTACTTC MGUARD RS2000 4G ATT VPN0 < 8.9.0affected
PHOENIX CONTACTTC MGUARD RS2000 4G VPN0 < 8.9.0affected
PHOENIX CONTACTTC MGUARD RS2000 4G VZW VPN0 < 8.9.0affected
PHOENIX CONTACTTC MGUARD RS4000 3G VPN0 < 8.9.0affected
PHOENIX CONTACTTC MGUARD RS4000 4G ATT VPN0 < 8.9.0affected
PHOENIX CONTACTTC MGUARD RS4000 4G VPN0 < 8.9.0affected
PHOENIX CONTACTTC MGUARD RS4000 4G VZW VPN0 < 8.9.0affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References