Page 2 of 9 results (0.015 seconds)

CVSS: 7.2EPSS: 0%CPEs: 26EXPL: 0

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. En Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 versiones anteriores a 03.23, TCSEFEA23F3F20/21, y Belden Tofino Xenon Security Appliance, los atacantes físicamente próximos pueden ejecutar código por medio de un archivo diseñado en una memoria USB • https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05 https://www.belden.com/support/security-assurance •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system) with unsigned, attacker-controlled, data. This occurs because the appliance_config file is signed but the .tar.sec file is unsigned. Se ha descubierto un problema en las versiones anteriores a la 03.2.00 de Belden Hirschmann Tofino Xenon Security Appliance. Una firma incompleta del firmware permite que un atacante local actualice el equipamiento (kernel, sistema de archivo) con datos no firmados controlados por el atacante. • https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port of a protected asset, thus bypassing the firewall. The attack methodology is a crafted OPC dynamic port shift. Se ha descubierto un problema en las versiones anteriores a la 03.2.00 de Belden Hirschmann Tofino Xenon Security Appliance. Los fallos de diseño en módulos OPC classic y netfilter personalizados permiten que un atacante active remotamente las reglas en el firewall y se conecte a cualquier puerto TCP de un activo protegido, eludiendo el firewall. • https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering. Se ha descubierto un problema en las versiones anteriores a la 03.2.00 de Belden Hirschmann Tofino Xenon Security Appliance. La manipulación incorrecta del campo mbap.length de paquetes ModBus en el filtro ModBus DPI permite que un atacante envíe paquetes mal formados/manipulados a un activo protegido, omitiendo el filtrado de códigos de función. • https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf •