Belden

Tofino Xenon Security Appliance Firmware

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2021-30066

  • EPSS 0%
  • Published 03.04.2022 23:15:07
  • Last modified 21.11.2024 06:03:17

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be byp...

7.2

CVE-2021-30061

  • EPSS 0.01%
  • Published 03.04.2022 22:15:14
  • Last modified 21.11.2024 06:03:16

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.

7.5

CVE-2021-30062

  • EPSS 0.04%
  • Published 03.04.2022 22:15:14
  • Last modified 21.11.2024 06:03:16

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.

7.5

CVE-2021-30063

  • EPSS 0.07%
  • Published 03.04.2022 22:15:14
  • Last modified 21.11.2024 06:03:17

On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.

9.8

CVE-2021-30064

  • EPSS 0.06%
  • Published 03.04.2022 22:15:14
  • Last modified 21.11.2024 06:03:17

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

7.5

CVE-2021-30065

  • EPSS 0.03%
  • Published 03.04.2022 22:15:14
  • Last modified 21.11.2024 06:03:17

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of...

7.2

CVE-2017-11400

  • EPSS 0%
  • Published 20.11.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. Th...

9.8

CVE-2017-11401

  • EPSS 0.2%
  • Published 20.11.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a prot...

10

CVE-2017-11402

  • EPSS 0.09%
  • Published 20.11.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP p...