CVE-2020-12523 — MEDIUM (5.4)

Q: How severe is CVE-2020-12523?

CVE-2020-12523 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-12523?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn, Phoenixcontact Fl Mguard Rs4004 Tx\/Dtx Firmware.

Vulnerability Description

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Phoenixcontact	Tc Mguard Rs4000 4G Vzw Vpn Firmware	< 8.8.3
Phoenixcontact	Tc Mguard Rs4000 4G Vzw Vpn	-
Phoenixcontact	Tc Mguard Rs4000 4G Att Vpn Firmware	< 8.8.3
Phoenixcontact	Tc Mguard Rs4000 4G Att Vpn	-
Phoenixcontact	Fl Mguard Rs4004 Tx\/Dtx Firmware	< 8.8.3
Phoenixcontact	Fl Mguard Rs4004 Tx\/Dtx	-
Phoenixcontact	Fl Mguard Rs4004 Tx\/Dtx Vpn Firmware	< 8.8.3
Phoenixcontact	Fl Mguard Rs4004 Tx\/Dtx Vpn	-
Phoenixcontact	Tc Mguard Rs4000 3G Vpn Firmware	-
Phoenixcontact	Tc Mguard Rs4000 3G Vpn	-
Phoenixcontact	Tc Mguard Rs4000 4G Vpn Firmware	< 8.8.3
Phoenixcontact	Tc Mguard Rs4000 4G Vpn	-
Phoenixcontact	Innominate Mguard Rs4000 4Tx\/Tx Firmware	< 8.8.3
Phoenixcontact	Innominate Mguard Rs4000 4Tx\/Tx	-
Phoenixcontact	Innominate Mguard Rs4000 4Tx\/Tx Vpn Firmware	< 8.8.3
Phoenixcontact	Innominate Mguard Rs4000 4Tx\/Tx Vpn	-
Phoenixcontact	Innominate Mguard Rs4000 4Tx\/3G\/Tx Vpn Firmware	< 8.8.3
Phoenixcontact	Innominate Mguard Rs4000 4Tx\/3G\/Tx Vpn	-

Related Weaknesses (CWE)

CWE-909

References

https://cert.vde.com/en-us/advisories/vde-2020-046Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-046Third Party Advisory

FAQ

What is CVE-2020-12523?

CVE-2020-12523 is a vulnerability with a CVSS score of 5.4 (MEDIUM). On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LA...

How severe is CVE-2020-12523?

CVE-2020-12523 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-12523?

Check the references section above for vendor advisories and patch information. Affected products include: Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Vzw Vpn, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn Firmware, Phoenixcontact Tc Mguard Rs4000 4G Att Vpn, Phoenixcontact Fl Mguard Rs4004 Tx\/Dtx Firmware.