This morning the DHS ICS-CERT published an advisory for an information disclosure vulnerability in the Innominate mGuard security routers. The advisory had been previously published on the US-CERT secure portal on July 8th. The vulnerability was originally reported by Applied Risk Research in a coordinated disclosure. Innominate has produced a new firmware version and a firmware patch to mitigate the vulnerability. Applied Risk Research has confirmed that the mitigation is effective.
ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability to gather information about network topology, traffic flows, and other connected systems.