Belden

Tofino Xenon Security Appliance Firmware

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2021-30066

  • EPSS 0%
  • Veröffentlicht 03.04.2022 23:15:07
  • Zuletzt bearbeitet 21.11.2024 06:03:17

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be byp...

7.2

CVE-2021-30061

  • EPSS 0.01%
  • Veröffentlicht 03.04.2022 22:15:14
  • Zuletzt bearbeitet 21.11.2024 06:03:16

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.

7.5

CVE-2021-30062

  • EPSS 0.04%
  • Veröffentlicht 03.04.2022 22:15:14
  • Zuletzt bearbeitet 21.11.2024 06:03:16

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.

7.5

CVE-2021-30063

  • EPSS 0.07%
  • Veröffentlicht 03.04.2022 22:15:14
  • Zuletzt bearbeitet 21.11.2024 06:03:17

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

9.8

CVE-2021-30064

  • EPSS 0.06%
  • Veröffentlicht 03.04.2022 22:15:14
  • Zuletzt bearbeitet 21.11.2024 06:03:17

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

7.5

CVE-2021-30065

  • EPSS 0.03%
  • Veröffentlicht 03.04.2022 22:15:14
  • Zuletzt bearbeitet 21.11.2024 06:03:17

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of...

7.2

CVE-2017-11400

  • EPSS 0%
  • Veröffentlicht 20.11.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. Th...

9.8

CVE-2017-11401

  • EPSS 0.2%
  • Veröffentlicht 20.11.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a prot...

10

CVE-2017-11402

  • EPSS 0.09%
  • Veröffentlicht 20.11.2017 15:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP p...