Lucene search

[email protected]CVE-2022-3480

HistoryNov 15, 2022 - 11:15 a.m.

CVE-2022-3480

2022-11-1511:15:00

CWE-770

[email protected]

web.nvd.nist.gov

cve-2022-3480

phoenix contact

fl mguard

tc mguard

denial-of-service

unauthenticated

https

firewall limits

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.0%

JSON

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.

CPENameOperatorVersion
phoenixcontact:fl_mguard_centerport_firmwarephoenixcontact fl mguard centerport firmwarelt8.9.0
phoenixcontact:fl_mguard_centerport_vpn-1000_firmwarephoenixcontact fl mguard centerport vpn-1000 firmwarelt8.9.0
phoenixcontact:fl_mguard_core_tx_firmwarephoenixcontact fl mguard core tx firmwarelt8.9.0
phoenixcontact:fl_mguard_core_tx_vpn_firmwarephoenixcontact fl mguard core tx vpn firmwarelt8.9.0
phoenixcontact:fl_mguard_delta_tx\/tx_firmwarephoenixcontact fl mguard delta tx\/tx firmwarelt8.9.0
phoenixcontact:fl_mguard_delta_tx\/tx_vpn_firmwarephoenixcontact fl mguard delta tx\/tx vpn firmwarelt8.9.0
phoenixcontact:fl_mguard_gt\/gt_firmwarephoenixcontact fl mguard gt\/gt firmwarelt8.9.0
phoenixcontact:fl_mguard_gt\/gt_vpn_firmwarephoenixcontact fl mguard gt\/gt vpn firmwarelt8.9.0
phoenixcontact:fl_mguard_pci4000_firmwarephoenixcontact fl mguard pci4000 firmwarelt8.9.0
phoenixcontact:fl_mguard_pci4000_vpn_firmwarephoenixcontact fl mguard pci4000 vpn firmwarelt8.9.0

CPE	Name	Operator	Version
phoenixcontact:fl_mguard_centerport_firmware	phoenixcontact fl mguard centerport firmware	lt	8.9.0
phoenixcontact:fl_mguard_centerport_vpn-1000_firmware	phoenixcontact fl mguard centerport vpn-1000 firmware	lt	8.9.0
phoenixcontact:fl_mguard_core_tx_firmware	phoenixcontact fl mguard core tx firmware	lt	8.9.0
phoenixcontact:fl_mguard_core_tx_vpn_firmware	phoenixcontact fl mguard core tx vpn firmware	lt	8.9.0
phoenixcontact:fl_mguard_delta_tx\/tx_firmware	phoenixcontact fl mguard delta tx\/tx firmware	lt	8.9.0
phoenixcontact:fl_mguard_delta_tx\/tx_vpn_firmware	phoenixcontact fl mguard delta tx\/tx vpn firmware	lt	8.9.0
phoenixcontact:fl_mguard_gt\/gt_firmware	phoenixcontact fl mguard gt\/gt firmware	lt	8.9.0
phoenixcontact:fl_mguard_gt\/gt_vpn_firmware	phoenixcontact fl mguard gt\/gt vpn firmware	lt	8.9.0
phoenixcontact:fl_mguard_pci4000_firmware	phoenixcontact fl mguard pci4000 firmware	lt	8.9.0
phoenixcontact:fl_mguard_pci4000_vpn_firmware	phoenixcontact fl mguard pci4000 vpn firmware	lt	8.9.0

Rows per page:

1-10 of 311

References

cert.vde.com/en/advisories/VDE-2022-051/

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.6 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

55.0%

JSON

Related for CVE-2022-3480

prion1 cvelist1