CVE-2020-12523

Name: CVE-2020-12523
Creator: NVD / NIST
Published: 2020-12-17T23:15:13.263+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.1/10EPSS 0.89%

Last modified Jun 17, 2026

CVE-2020-12523 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. EPSS estimates a 0.89% chance of exploitation in the next 30 days.

Description

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports get functional independent from their configuration setting: Missing Initialization of Resource

Metrics

CVSS 3.1

9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Probability

0.89%

54.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Phoenixcontact	Tc Mguard Rs4000 4g Vzw Vpn Firmware	< 8.8.3
Phoenixcontact	Tc Mguard Rs4000 4g Att Vpn Firmware	< 8.8.3
Phoenixcontact	Fl Mguard Rs4004 Tx\/Dtx Firmware	< 8.8.3
Phoenixcontact	Fl Mguard Rs4004 Tx\/Dtx Vpn Firmware	< 8.8.3
Phoenixcontact	Tc Mguard Rs4000 3g Vpn Firmware	All versions
Phoenixcontact	Tc Mguard Rs4000 4g Vpn Firmware	< 8.8.3
Phoenixcontact	Innominate Mguard Rs4000 4tx\/Tx Firmware	< 8.8.3
Phoenixcontact	Innominate Mguard Rs4000 4tx\/Tx Vpn Firmware	< 8.8.3
Phoenixcontact	Innominate Mguard Rs4000 4tx\/3g\/Tx Vpn Firmware	< 8.8.3

References

https://cert.vde.com/en-us/advisories/vde-2020-046Third Party Advisory
https://cert.vde.com/en-us/advisories/vde-2020-046Third Party Advisory

Timeline

Published: Dec 17, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-12523?

How severe is CVE-2020-12523?

CVE-2020-12523 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.89% probability of exploitation in the next 30 days.

How do I fix CVE-2020-12523?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-12523?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST