{
    "document": {
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "tracking": {
            "generator": {
                "date": "2025-03-31T07:41:03.598Z",
                "engine": {
                    "version": "2.5.22",
                    "name": "Secvisogram"
                }
            },
            "current_release_date": "2025-05-22T13:03:10.000Z",
            "id": "VDE-2022-014",
            "initial_release_date": "2022-04-12T06:00:00.000Z",
            "version": "2",
            "status": "final",
            "revision_history": [
                {
                    "number": "1",
                    "date": "2022-04-12T06:00:00.000Z",
                    "summary": "Initial revision."
                },
                {
                    "number": "2",
                    "summary": "Fix: added distribution, quotation mark",
                    "date": "2025-05-22T13:03:10.000Z"
                }
            ],
            "aliases": [
                "VDE-2022-014"
            ]
        },
        "title": "PHOENIX CONTACT: mGuard Device Manager affected by HTTP Request Smuggling of Apache Webserver",
        "lang": "en-GB",
        "acknowledgments": [
            {
                "organization": "CERT@VDE",
                "summary": "coordination"
            },
            {
                "organization": "James Kettle",
                "summary": "discovery."
            }
        ],
        "notes": [
            {
                "category": "summary",
                "title": "Summary",
                "text": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling.\nFor the mGuard Device Manager only the mdm Installer for Windows is affected."
            },
            {
                "title": "Impact",
                "category": "description",
                "text": "Attackers with network access to the Apache web server can download and therefore read mGuard configuration profiles ('ATV profiles'). Such configuration profiles may contain sensitive information, e.g., private keys associated with IPsec VPN connections."
            },
            {
                "text": "This vulnerability is exploitable only if the ConfigPull functionality is used and config files are stored unencrypted. As a best practice and mitigation measure, we recommend storing configuration files encrypted with the device-specific public key of the mGuard appliances.",
                "title": "Mitigation",
                "category": "description"
            },
            {
                "text": "PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.",
                "category": "description",
                "title": "Remediation"
            }
        ],
        "publisher": {
            "contact_details": "psirt@phoenixcontact.com",
            "category": "vendor",
            "name": "Phoenix Contact GmbH & Co. KG",
            "namespace": "https://phoenixcontact.com/psirt"
        },
        "references": [
            {
                "summary": "PHOENIX CONTACT PSIRT",
                "url": "https://phoenixcontact.com/psirt",
                "category": "external"
            },
            {
                "summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
                "url": "https://certvde.com/en/advisories/vendor/phoenixcontact/",
                "category": "external"
            },
            {
                "summary": "VDE-2022-014: PHOENIX CONTACT: mGuard Device Manager affected by HTTP Request Smuggling of Apache Webserver - HTML",
                "url": "https://certvde.com/en/advisories/VDE-2022-014/",
                "category": "self"
            },
            {
                "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-014.json",
                "summary": "VDE-2022-014: PHOENIX CONTACT: mGuard Device Manager affected by HTTP Request Smuggling of Apache Webserver - CSAF",
                "category": "self"
            }
        ],
        "distribution": {
            "tlp": {
                "label": "WHITE",
                "url": "https://www.first.org/tlp/"
            }
        }
    },
    "product_tree": {
        "branches": [
            {
                "name": "PHOENIX CONTACT",
                "category": "vendor",
                "branches": [
                    {
                        "name": "Hardware",
                        "category": "product_family",
                        "branches": [
                            {
                                "name": "FL MGUARD DM UNLIMITED",
                                "category": "product_name",
                                "product": {
                                    "name": "FL MGUARD DM UNLIMITED",
                                    "product_id": "CSAFPID-11001",
                                    "product_identification_helper": {
                                        "model_numbers": [
                                            "2981974"
                                        ]
                                    }
                                }
                            }
                        ]
                    },
                    {
                        "name": "Firmware",
                        "category": "product_family",
                        "branches": [
                            {
                                "name": "<=1.13.0.1",
                                "category": "product_version_range",
                                "product": {
                                    "name": "Firmware <=1.13.0.1",
                                    "product_id": "CSAFPID-21001"
                                }
                            },
                            {
                                "name": "1.13.0.2",
                                "category": "product_version",
                                "product": {
                                    "name": "Firmware 1.13.0.2",
                                    "product_id": "CSAFPID-22001"
                                }
                            }
                        ]
                    }
                ]
            }
        ],
        "relationships": [
            {
                "product_reference": "CSAFPID-21001",
                "relates_to_product_reference": "CSAFPID-11001",
                "category": "installed_on",
                "full_product_name": {
                    "name": "Firmware <=1.13.0.1 installed on FL MGUARD DM UNLIMITED",
                    "product_id": "CSAFPID-31001"
                }
            },
            {
                "relates_to_product_reference": "CSAFPID-11001",
                "product_reference": "CSAFPID-22001",
                "category": "installed_on",
                "full_product_name": {
                    "name": "Firmware 1.13.0.2 installed on FL MGUARD DM UNLIMITED",
                    "product_id": "CSAFPID-32001"
                }
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2022-22720",
            "title": "CVE-2022-22720",
            "cwe": {
                "id": "CWE-444",
                "name": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"
            },
            "notes": [
                {
                    "title": "Vulnerability Description",
                    "text": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
                    "category": "description"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-31001"
                ],
                "fixed": [
                    "CSAFPID-32001"
                ]
            },
            "remediations": [
                {
                    "details": "This vulnerability is exploitable only if the ConfigPull functionality is used and config files are stored unencrypted. As a best practice and mitigation measure, we recommend storing configuration files encrypted with the device-specific public key of the mGuard appliances.",
                    "category": "mitigation",
                    "product_ids": [
                        "CSAFPID-31001"
                    ]
                },
                {
                    "details": "PHOENIX CONTACT strongly recommends upgrading FL MGUARD DM UNLIMITED to version 1.13.0.2 or higher, which fixes this vulnerability.",
                    "category": "vendor_fix",
                    "product_ids": [
                        "CSAFPID-31001"
                    ]
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "attackVector": "NETWORK",
                        "attackComplexity": "LOW",
                        "privilegesRequired": "NONE",
                        "userInteraction": "NONE",
                        "scope": "UNCHANGED",
                        "confidentialityImpact": "HIGH",
                        "integrityImpact": "HIGH",
                        "availabilityImpact": "HIGH",
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                        "baseScore": 9.8,
                        "baseSeverity": "CRITICAL",
                        "temporalScore": 9.8,
                        "temporalSeverity": "CRITICAL",
                        "environmentalScore": 9.8,
                        "environmentalSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-31001"
                    ]
                }
            ]
        }
    ]
}