ICS-CERT Publishes Advisory for Innominate Security Routers

This morning the DHS ICS-CERT published an advisory for an information disclosure vulnerability in the Innominate mGuard security routers. The advisory had been previously published on the US-CERT secure portal on July 8^th. The vulnerability was originally reported by Applied Risk Research in a coordinated disclosure. Innominate has produced a new firmware version and a firmware patch to mitigate the vulnerability. Applied Risk Research has confirmed that the mitigation is effective.

ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability to gather information about network topology, traffic flows, and other connected systems.

Applied Risk Research reports that the vulnerability probably applies to the Phoenix Contact FL mGuard and Hirschman Eagle mGuard product lines since they share the same firmware codebase. This is not mentioned in the Innominate security bulletin.