SLTs § 27.4): NessunaĪprès l'enregistrement et l'activation de votre compte, vous aurez accès à l'édition EVAL de mGuard Secure Cloud pour évaluer gratuitement le système pendant 30 jours. ![]() Livello di servizio concordato (SLA, cfr. Periodo del Contratto di licenza: 30 giorni È possibile passare a un'altra edizione di mGuard Secure Cloud ed a una licenza permanente in qualsiasi momento durante il periodo di valutazione. L'uso del sistema è regolato dalle condizioni di licenza del software Phoenix Contact Software Terms International a partire da maggio 2018 (SLT). SLTs § 27.4): Keineĭopo la registrazione e l'attivazione del tuo account, avrai accesso all'edizione EVAL di mGuard Secure Cloud che ti consentirá di valutare gratuitamente il sistema per 30 giorni. ![]() Vereinbarte Verfügbarkeitsrate (SLA, vgl. Nach der Registrierung und Aktivierung Ihres Kontos haben Sie Zugriff auf die EVAL-Edition der mGuard Secure Cloud, um das System 30 Tage lang kostenlos zu testen.ĭie Nutzung des Systems unterliegt den Phoenix Contact Software Lizenzbedingungen International vom Mai 2018 (SLTs).Įin Upgrade auf eine andere mGuard Secure Cloud Edition und eine permanente Lizenz ist während des Testzeitraums jederzeit möglich. You may upgrade to another mGuard Secure Cloud edition and permanent license at any time during the evaluation period.Īgreed Availability Rate (SLA, cf. Use of the system is governed by the Phoenix Contact Software License Terms International as of May 2018 (SLTs). Users of the vulnerable products, which include firmware versions 4.0.0 through 8.0.2, can upgrade to versions 7.6.4, 8.0.3, 8.1.0 or 8.1.1 to patch the vulnerability.(see below for german, italian and french version)Īfter registration and activation of your account, you will have access to the EVAL edition of mGuard Secure Cloud to evaluate the system 30 days free of charge. Even though the snapshot that the Innominate mGuard vulnerability allows an attacker to get doesn’t include sensitive security information, the configuration and log files can be valuable in a targeted attack. Attackers will spend time gathering practical and technical information on a target network, looking for data on the kind of software the organization uses, who its partners, customers and suppliers are, and looking for soft spots in the infrastructure. The kind of network reconnaissance that this vulnerability could facilitate often is a preliminary step in a planned attack on a target. An attacker might gather information about network topology, traffic flows, and other connected systems from this data.” The configuration snapshot contains configuration data, current system information and log files, but no confidential data such as RSA private keys, Pre-Shared keys or passwords. ![]() “An attacker using a carefully crafted URL may download a configuration snapshot without prior authorization using the HTTPS CGI interface. While this is a minor vulnerability, it represents a method for further network reconnaissance,” the advisory says. “Exploitation of this vulnerability could allow a remote unauthenticated user access to release configuration information. In its advisory, ICS-CERT says that the vulnerability, while minor in and of itself, could be used as part of a reconnaissance mission for a future, more serious attack. The company, based in Germany, says that mGuard “offers both operators and machine and plant engineering companies a turnkey VPN ecosystem for industrial remote services.” The mGuard product is an IPsec-based VPN and the basic version of it is free. The vulnerability is an information disclosure bug in the Innominate mGuard product, which is meant to connect operators to machines in remote plants and industrial facilities via a VPN system. The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks.
0 Comments
Leave a Reply. |