{ "document": { "acknowledgments": [ { "organization": "CERT@VDE", "summary": "coordination", "urls": [ "https://certvde.com" ] } ], "aggregate_severity": { "namespace": "https://phoenixcontact.com/psirt", "text": "MEDIUM" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en-US", "notes": [ { "category": "summary", "text": "The jq JSON processor, which is used to migrate firmware configurations in the product, contains 2 vulnerabilities that can be exploited by an authenticated attacker.", "title": "Summary" }, { "category": "description", "text": "An authenticated attacker can cause a denial of service.", "title": "Impact" }, { "category": "description", "text": "Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.", "title": "Remediation" }, { "category": "general", "text": "For general information and recommendations on security measures refer to the mGuard documentation: https://help.mguard.com/en/documentation", "title": "General Recommendation" }, { "category": "description", "text": "mGuards are industrial routers and security appliances.", "title": "Product Description" } ], "publisher": { "category": "vendor", "contact_details": "psirt@phoenixcontact.com", "name": "Phoenix Contact GmbH & Co. KG", "namespace": "https://phoenixcontact.com/psirt" }, "references": [ { "category": "external", "summary": "PCSA-2025/00016", "url": "https://phoenixcontact.com/psirt" }, { "category": "external", "summary": "Phoenix Contact advisory overview at CERT@VDE", "url": "https://certvde.com/de/advisories/vendor/phoenixcontact/" }, { "category": "self", "summary": "VDE-2025-077: Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices - HTML", "url": "https://certvde.com/en/advisories/VDE-2025-077" }, { "category": "self", "summary": "VDE-2025-077: Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices - CSAF", "url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-077.json" } ], "source_lang": "en", "title": "Phoenix Contact: Two vulnerabilities in the jq JSON processor utilized by FL MGUARD 110x devices", "tracking": { "aliases": [ "VDE-2025-077", "PCSA-2025/00016" ], "current_release_date": "2025-09-09T10:00:00.000Z", "generator": { "date": "2025-08-28T09:27:08.346Z", "engine": { "name": "Secvisogram", "version": "2.5.32" } }, "id": "VDE-2025-077", "initial_release_date": "2025-09-09T10:00:00.000Z", "revision_history": [ { "date": "2025-08-04T10:00:00.000Z", "number": "1", "summary": "Initial revision." } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "FL MGUARD 1102", "product": { "name": "FL MGUARD 1102", "product_id": "CSAFPID-11001", "product_identification_helper": { "model_numbers": [ "1153079" ] } } }, { "category": "product_name", "name": "FL MGUARD 1105", "product": { "name": "FL MGUARD 1105", "product_id": "CSAFPID-11002", "product_identification_helper": { "model_numbers": [ "1153078" ] } } } ], "category": "product_family", "name": "Hardware" }, { "branches": [ { "category": "product_version_range", "name": "<1.8.1", "product": { "name": "Firmware <1.8.1", "product_id": "CSAFPID-21001" } }, { "category": "product_version", "name": "1.8.1", "product": { "name": "Firmware 1.8.1", "product_id": "CSAFPID-22001" } } ], "category": "product_family", "name": "Firmware" } ], "category": "vendor", "name": "Phoenix Contact" } ], "product_groups": [ { "group_id": "CSAFGID-0001", "product_ids": [ "CSAFPID-31001", "CSAFPID-31002" ], "summary": "Affected products" }, { "group_id": "CSAFGID-0002", "product_ids": [ "CSAFPID-32001", "CSAFPID-32002" ], "summary": "Fixed products" } ], "relationships": [ { "category": "installed_on", "full_product_name": { "name": "Firmware <1.8.1 installed on FL MGUARD 1102", "product_id": "CSAFPID-31001" }, "product_reference": "CSAFPID-21001", "relates_to_product_reference": "CSAFPID-11001" }, { "category": "installed_on", "full_product_name": { "name": "Firmware <1.8.1 installed on FL MGUARD 1105", "product_id": "CSAFPID-31002" }, "product_reference": "CSAFPID-21001", "relates_to_product_reference": "CSAFPID-11002" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 1.8.1 installed on FL MGUARD 1102", "product_id": "CSAFPID-32001" }, "product_reference": "CSAFPID-22001", "relates_to_product_reference": "CSAFPID-11001" }, { "category": "installed_on", "full_product_name": { "name": "Firmware 1.8.1 installed on FL MGUARD 1105", "product_id": "CSAFPID-32002" }, "product_reference": "CSAFPID-22001", "relates_to_product_reference": "CSAFPID-11002" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-23337", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "audience": "all", "category": "description", "text": "jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer limit. This causes a denial of service. Commit de21386681c0df0104a99d9d09db23a9b2a78b1e contains a patch for the issue.", "title": "Vulnerability Description" }, { "audience": "operational management and system administrators", "category": "details", "text": "An authenticated attacker can cause a denial of service (memory exhaustion) by sending malformed data to the device in an HTTPS request. The impact is mitigated by the device enforcing a limit to the maximum HTTPS request size. To launch a successful attack, an attacker would have to circumvent this limit.", "title": "Vulnerability Characterization" }, { "category": "details", "text": "In FL MGUARD devices, the jq JSON processor is used to migrate firmware configurations. The vulnerability can only be exploited by an authenticated administrative user in FL MGUARD devices. This reduces the vulnerability's severity to: CVSS-Score: 4.9, CSSS-Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "title": "Vulnerability Details" } ], "product_status": { "fixed": [ "CSAFPID-32001", "CSAFPID-32002" ], "known_affected": [ "CSAFPID-31001", "CSAFPID-31002" ] }, "remediations": [ { "category": "vendor_fix", "date": "2025-08-04T10:00:00.000Z", "details": "Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.", "group_ids": [ "CSAFGID-0001" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "environmentalScore": 6.5, "environmentalSeverity": "MEDIUM", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-31001", "CSAFPID-31002" ] } ], "title": "CVE-2024-23337" }, { "cve": "CVE-2025-48060", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "audience": "all", "category": "description", "text": "jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function `jv_string_vfmt` in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 `void* p = malloc(sz);`. As of time of publication, no patched versions are available.", "title": "Vulnerability Description" }, { "audience": "operational management and system administrators", "category": "details", "text": "An authenticated attacker can cause a denial of service (crash of HTTPS request processor) by sending malformed data to the device in an HTTPS request.", "title": "Vulnerability Characterization" }, { "category": "details", "text": "In FL MGUARD devices, the jq JSON processor is used to migrate firmware configurations. The vulnerability can only be exploited by an authenticated administrative user in FL MGUARD devices. This reduces the vulnerability's severity to: CVSS-Score: 4.9, CSSS-Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "title": "Vulnerability Details" } ], "product_status": { "fixed": [ "CSAFPID-32001", "CSAFPID-32002" ], "known_affected": [ "CSAFPID-31001", "CSAFPID-31002" ] }, "remediations": [ { "category": "vendor_fix", "date": "2025-08-04T10:00:00.000Z", "details": "Phoenix Contact strongly recommends upgrading affected mGuard devices to firmware version 1.8.1 or higher which fixes this vulnerability.", "group_ids": [ "CSAFGID-0001" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "environmentalScore": 7.5, "environmentalSeverity": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 7.5, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-31001", "CSAFPID-31002" ] } ], "title": "CVE-2025-48060" } ] }