177 matches found
CVE-2017-11400
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment kernel, file system with unsigned, attacker-controlled, data. This occurs because the applianceconfig file is...
CVE-2017-11401
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering...
CVE-2017-11400
Affected product: Belden Hirschmann Tofino Xenon Security Appliance (before 03.2.00). Issue and root cause: Incomplete firmware signature verification due to appliance_config being signed while the .tar.sec is unsigned, enabling a local attacker to upgrade the kernel and filesystem with unsigned,...
CVE-2017-11402
The CVE affects Belden Hirschmann Tofino Xenon Security Appliance versions before 03.2.00. The root cause is design flaws in OPC Classic and in custom netfilter modules, which allow an attacker to remotely activate firewall rules and connect to any TCP port of a protected asset, effectively bypas...
CVE-2017-11400
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment kernel, file system with unsigned, attacker-controlled, data. This occurs because the applianceconfig file is...
CVE-2017-11401
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering...
CVE-2017-11402
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the...
CVE-2017-11401
The CVE-2017-11401 issue affects Belden Hirschmann Tofino Xenon Security Appliance prior to 03.2.00. The ModBus DPI filter mishandles the mbap.length field in ModBus packets, allowing crafted/malformed packets to bypass function-code filtering and reach protected assets. This is a network‑level b...
Server side request forgery (ssrf)
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...
CVE-2017-6040
An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously...
CVE-2017-6038
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...
CVE-2017-6040
An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously...
Cross site request forgery (csrf)
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...
Information disclosure
An Information Exposure issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. Non-sensitive information can be obtained anonymously...
CVE-2017-6036
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...
CVE-2017-6036
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...
CVE-2017-6038
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...
CVE-2017-6036
A Server-Side Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web server receives a request, but does not sufficiently verify that the request is being sent to the expected destination...
CVE-2017-6038
A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request...
CVE-2017-6036
CVE-2017-6036 describes a Server-Side Request Forgery (SSRF) in Belden Hirschmann GECKO Lite Managed switch (Web server) affecting v2.0.00 and earlier. The issue arises because the web server does not adequately validate requests to the intended destination, enabling an attacker to obtain sensiti...