176 matches found
Code injection
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer...
Hardcoded credentials
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials if the device is in the uncommissioned state...
Denial of service
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service...
CVE-2021-30066
The CVE-2021-30066 entry applies to Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 (before 03.23) and Belden Tofino Xenon Security Appliance. A firmware-signature verification bypass for USB allows loading an arbitrary firmware image, enabling kernel/firmware upgrades with unsigned p...
CVE-2021-30066
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification for a USB stick can be bypassed. NOTE: this issue exists because of an...
CVE-2021-30065
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401...
CVE-2021-30065
CVE-2021-30065 affects Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 prior to 03.23 and TCSEFEA23F3F20/21, plus Belden Tofino Xenon Security Appliance. Root cause is an incomplete fix of CVE-2017-11401, enabling crafted ModBus packets to bypass the ModBus enforcer. Impact: bypass of...
CVE-2021-30064
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials if the device is in the uncommissioned state...
CVE-2021-30063
CVE-2021-30063 affects Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 (pre-03.23) and Belden Tofino Xenon Security Appliance. The issue is triggered by crafted OPC packets that cause an OPC enforcer denial of service. The connected Red Hat/other entries corroborate a DoS impact without det...
CVE-2021-30063
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service...
CVE-2021-30062
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer...
CVE-2021-30062
CVE-2021-30062 affects Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 (pre-03.23) and Belden Tofino Xenon Security Appliance. The vulnerability arises from crafted OPC packets that bypass the OPC enforcer, enabling partial integrity impact without confidentiality or availability impact per...
CVE-2021-30061
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick...
CVE-2021-30061
CVE-2021-30061 affects Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23 and TCSEFEA23F3F20/21, plus Belden Tofino Xenon Security Appliance. The issue allows a physically proximate attacker to execute code via a crafted file on a USB stick. CVSS shows physical access with l...
Schneider Electric ConneXium Network Manager Software 安全漏洞
Schneider Electric ConneXium Network Manager Software Schneider Electric Cnm is an industrial Ethernet network management software from Schneider Electric, France. A security vulnerability exists in the Schneider Electric ConneXium Network Manager Software prior to version 03.23 and the Belden...
Schneider Electric ConneXium Network Manager Software 数据伪造问题漏洞
Schneider Electric ConneXium Network Manager Software Schneider Electric Cnm is an industrial Ethernet network management software from Schneider Electric, France. A security vulnerability exists in the Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22/21/20 prior to version 03.23 and t...
The vulnerability of Belden Hirschmann HiOS and HiSecOS operating systems lies in the insufficient protection of registration data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of Belden Hirschmann HiOS and HiSecOS lies in the insufficient protection of registration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Belden HiOS授权问题漏洞
Belden HiOS is an operating system for Ethernet switches from Belden, Inc. A security vulnerability exists in Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01, which could be exploited by a remote attacker to alter the credentials of an existing us...
The vulnerability of the HiOS operating system with respect to Belden Hirschmann’s OS2, RSP, and RSPE network switches allows a hacker to cause maintenance failures.
The vulnerability of the HiOS operating system regarding Belden Hirschmann’s OS2, RSP, and RSPE network switches is related to resource release errors. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...
Belden HiOS and HiSecOS Buffer Overflow Vulnerabilities
Belden HiOS and Belden HiSecOS are both products of Belden, Inc. Belden HiOS is an operating system for Ethernet switches and Belden HiSecOS is an operating system for industrial security routers. A buffer overflow vulnerability exists in Belden HiOS and HiSecOS. The vulnerability originates when...