CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

schneider-electric

tcsefea23f3f22_firmware

4 known vulnerabilities · sorted by CVSS score

CVE-2021-30064

CRITICAL9.8

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

belden / tofino_xenon_security_appliance_firmware+12

Network

Published Apr 3, 2022

CVE-2021-30065

HIGH7.5

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.

belden / tofino_xenon_security_appliance_firmware+12

Network

Published Apr 3, 2022

CVE-2021-30061

MEDIUM6.8

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.

belden / tofino_xenon_security_appliance_firmware+12

Physical

Published Apr 3, 2022

CVE-2021-30066

MEDIUM6.8

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.

belden / tofino_xenon_security_appliance_firmware+12

Physical

Published Apr 3, 2022