CVE-2020-12523

Summary

CVE	CVE-2020-12523
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-12-17 23:15:00 UTC
Updated	2020-12-21 14:16:00 UTC
Description	On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

Risk And Classification

Problem Types: CWE-909

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Phoenixcontact	Fl Mguard Rs4004 Tx/dtx	-	All	All	All
Hardware	Phoenixcontact	Fl Mguard Rs4004 Tx/dtx	-	All	All	All
Operating System	Phoenixcontact	Fl Mguard Rs4004 Tx/dtx Firmware	All	All	All	All
Operating System	Phoenixcontact	Fl Mguard Rs4004 Tx/dtx Firmware	All	All	All	All
Hardware	Phoenixcontact	Fl Mguard Rs4004 Tx/dtx Vpn	-	All	All	All
Hardware	Phoenixcontact	Fl Mguard Rs4004 Tx/dtx Vpn	-	All	All	All
Operating System	Phoenixcontact	Fl Mguard Rs4004 Tx/dtx Vpn Firmware	All	All	All	All
Operating System	Phoenixcontact	Fl Mguard Rs4004 Tx/dtx Vpn Firmware	All	All	All	All
Hardware	Phoenixcontact	Innominate Mguard Rs4000 4tx/3g/tx Vpn	-	All	All	All
Hardware	Phoenixcontact	Innominate Mguard Rs4000 4tx/3g/tx Vpn	-	All	All	All
Operating System	Phoenixcontact	Innominate Mguard Rs4000 4tx/3g/tx Vpn Firmware	All	All	All	All
Operating System	Phoenixcontact	Innominate Mguard Rs4000 4tx/3g/tx Vpn Firmware	All	All	All	All
Hardware	Phoenixcontact	Innominate Mguard Rs4000 4tx/tx	-	All	All	All
Hardware	Phoenixcontact	Innominate Mguard Rs4000 4tx/tx	-	All	All	All
Operating System	Phoenixcontact	Innominate Mguard Rs4000 4tx/tx Firmware	All	All	All	All
Operating System	Phoenixcontact	Innominate Mguard Rs4000 4tx/tx Firmware	All	All	All	All
Hardware	Phoenixcontact	Innominate Mguard Rs4000 4tx/tx Vpn	-	All	All	All
Hardware	Phoenixcontact	Innominate Mguard Rs4000 4tx/tx Vpn	-	All	All	All
Operating System	Phoenixcontact	Innominate Mguard Rs4000 4tx/tx Vpn Firmware	All	All	All	All
Operating System	Phoenixcontact	Innominate Mguard Rs4000 4tx/tx Vpn Firmware	All	All	All	All
Hardware	Phoenixcontact	Tc Mguard Rs4000 3g Vpn	-	All	All	All
Hardware	Phoenixcontact	Tc Mguard Rs4000 3g Vpn	-	All	All	All
Operating System	Phoenixcontact	Tc Mguard Rs4000 3g Vpn Firmware	-	All	All	All
Operating System	Phoenixcontact	Tc Mguard Rs4000 3g Vpn Firmware	-	All	All	All
Hardware	Phoenixcontact	Tc Mguard Rs4000 4g Att Vpn	-	All	All	All
Hardware	Phoenixcontact	Tc Mguard Rs4000 4g Att Vpn	-	All	All	All
Operating System	Phoenixcontact	Tc Mguard Rs4000 4g Att Vpn Firmware	All	All	All	All
Operating System	Phoenixcontact	Tc Mguard Rs4000 4g Att Vpn Firmware	All	All	All	All
Hardware	Phoenixcontact	Tc Mguard Rs4000 4g Vpn	-	All	All	All
Hardware	Phoenixcontact	Tc Mguard Rs4000 4g Vpn	-	All	All	All
Operating System	Phoenixcontact	Tc Mguard Rs4000 4g Vpn Firmware	All	All	All	All
Operating System	Phoenixcontact	Tc Mguard Rs4000 4g Vpn Firmware	All	All	All	All
Hardware	Phoenixcontact	Tc Mguard Rs4000 4g Vzw Vpn	-	All	All	All
Hardware	Phoenixcontact	Tc Mguard Rs4000 4g Vzw Vpn	-	All	All	All
Operating System	Phoenixcontact	Tc Mguard Rs4000 4g Vzw Vpn Firmware	All	All	All	All
Operating System	Phoenixcontact	Tc Mguard Rs4000 4g Vzw Vpn Firmware	All	All	All	All

References

Reference	Source	Link	Tags
PHOENIX CONTACT: mGuard products missing initialization of resource — English (USA)	CONFIRM	cert.vde.com	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: Discovered by SMST Designers & Constructors B.V., Phoenix Contact reported to CERT@VDE

Legacy QID Mappings

591336 Phoenix Contact mGuard Missing Initialization of Resource Vulnerability (VDE-2020-046)