CVE-2022-3480: A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger…

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

A remote, unauthenticated attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending a larger number of unauthenticated HTTPS connections originating from different source IP’s. Configuring firewall limits for incoming connections cannot prevent the issue.

Affected

62 ranges· showing 25

Vendor	Product	Version range	Fixed in
phoenix_contact	fl_mguard_centerport	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_centerport_vpn-1000	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_core_tx	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_core_tx_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_delta_tx_tx	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_delta_tx_tx_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_gt_gt	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_gt_gt_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_pci4000	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_pci4000_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_pcie4000	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_pcie4000_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs2000_tx_tx-b	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs2000_tx_tx_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs2005_tx_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs4000_tx_tx	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs4000_tx_tx-m	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs4000_tx_tx-p	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs4000_tx_tx_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs4004_tx_dtx	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_rs4004_tx_dtx_vpn	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_smart2	< 8.9.0	8.9.0
phoenix_contact	fl_mguard_smart2_vpn	< 8.9.0	8.9.0
phoenix_contact	tc_mguard_rs2000_3g_vpn	< 8.9.0	8.9.0
phoenix_contact	tc_mguard_rs2000_4g_att_vpn	< 8.9.0	8.9.0