Lucene search
+L

177 matches found

nvd
nvd
added 2017/11/20 3:29 p.m.23 views

CVE-2017-11400

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment kernel, file system with unsigned, attacker-controlled, data. This occurs because the applianceconfig file is...

7.2CVSS6.5AI score0.00273EPSS
Exploits0References2
osv
osv
added 2017/11/20 3:29 p.m.3 views

CVE-2017-11401

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering...

9.8CVSS5.8AI score0.01397EPSS
Exploits0References2
cve
cve
added 2017/11/20 3:0 p.m.71 views

CVE-2017-11400

Affected product: Belden Hirschmann Tofino Xenon Security Appliance (before 03.2.00). Issue and root cause: Incomplete firmware signature verification due to appliance_config being signed while the .tar.sec is unsigned, enabling a local attacker to upgrade the kernel and filesystem with unsigned,...

7.2CVSS6.5AI score0.00273EPSS
Exploits0References2Affected Software1
cve
cve
added 2017/11/20 3:0 p.m.50 views

CVE-2017-11402

The CVE affects Belden Hirschmann Tofino Xenon Security Appliance versions before 03.2.00. The root cause is design flaws in OPC Classic and in custom netfilter modules, which allow an attacker to remotely activate firewall rules and connect to any TCP port of a protected asset, effectively bypas...

10CVSS9.3AI score0.01545EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2017/11/20 3:0 p.m.27 views

CVE-2017-11400

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment kernel, file system with unsigned, attacker-controlled, data. This occurs because the applianceconfig file is...

6.5AI score0.00273EPSS
Exploits0References2
cvelist
cvelist
added 2017/11/20 3:0 p.m.27 views

CVE-2017-11401

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering...

7.8AI score0.01397EPSS
Exploits0References2
cvelist
cvelist
added 2017/11/20 3:0 p.m.22 views

CVE-2017-11402

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the...

9.4AI score0.01545EPSS
Exploits0References2
cve
cve
added 2017/11/20 3:0 p.m.60 views

CVE-2017-11401

The CVE-2017-11401 issue affects Belden Hirschmann Tofino Xenon Security Appliance prior to 03.2.00. The ModBus DPI filter mishandles the mbap.length field in ModBus packets, allowing crafted/malformed packets to bypass function-code filtering and reach protected assets. This is a network‑level b...

9.8CVSS7.8AI score0.01397EPSS
Exploits0References2Affected Software1
prion
prion
added 2017/06/30 3:29 a.m.12 views

Server side request forgery (ssrf)

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...

4.3CVSS6.5AI score0.00924EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2017/06/30 3:29 a.m.17 views

CVE-2017-6040

An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously...

5.3CVSS5.8AI score0.00946EPSS
Exploits0References1
nvd
nvd
added 2017/06/30 3:29 a.m.19 views

CVE-2017-6038

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...

7.1CVSS7AI score0.00442EPSS
Exploits0References1
osv
osv
added 2017/06/30 3:29 a.m.5 views

CVE-2017-6040

An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously...

5.3CVSS5.8AI score0.00946EPSS
Exploits0References1
prion
prion
added 2017/06/30 3:29 a.m.12 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...

5.8CVSS6.9AI score0.00442EPSS
Exploits0References1Affected Software1
prion
prion
added 2017/06/30 3:29 a.m.14 views

Information disclosure

An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously...

5CVSS5.8AI score0.00946EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2017/06/30 3:29 a.m.15 views

CVE-2017-6036

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...

6.5CVSS6.6AI score0.00924EPSS
Exploits0References1
osv
osv
added 2017/06/30 3:29 a.m.5 views

CVE-2017-6036

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...

6.5CVSS5.8AI score0.00924EPSS
Exploits0References1
osv
osv
added 2017/06/30 3:29 a.m.6 views

CVE-2017-6038

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...

7.1CVSS5.8AI score0.00442EPSS
Exploits0References1
cvelist
cvelist
added 2017/06/30 2:35 a.m.26 views

CVE-2017-6036

A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...

6.5AI score0.00924EPSS
Exploits0References1
cvelist
cvelist
added 2017/06/30 2:35 a.m.22 views

CVE-2017-6038

A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...

7AI score0.00442EPSS
Exploits0References1
cve
cve
added 2017/06/30 2:35 a.m.51 views

CVE-2017-6036

CVE-2017-6036 describes a Server-Side Request Forgery (SSRF) in Belden Hirschmann GECKO Lite Managed switch (Web server) affecting v2.0.00 and earlier. The issue arises because the web server does not adequately validate requests to the intended destination, enabling an attacker to obtain sensiti...

6.5CVSS6.4AI score0.00924EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder