PT-2022-6062 · Phoenix Contact · Fl Mguard+1

Published 2022-10-13 · Updated 2022-11-17 · CVE-2022-3480

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

PHOENIX CONTACT FL MGUARD and TC MGUARD versions prior to 8.9.0

Description

The issue is an allocation of resources without limits in the management interface of PHOENIX CONTACT FL MGUARD and TC MGUARD devices. A remote, unauthenticated attacker could cause a denial of service by creating a large number of unauthenticated HTTPS connections from different source IP addresses. Configuring firewall limits for incoming connections cannot prevent the issue.

Recommendations

For versions prior to 8.9.0, update to version 8.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation. Restrict incoming HTTPS connections to trusted IP addresses to reduce the risk of denial-of-service attacks.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2022-07526
CVE-2022-3480

Affected Products

Fl Mguard
Tc Mguard