2022-11-25 | CVE-2022-40282 | Unspecified vulnerability in Belden Hirschmann Bat-C2 Firmware The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. | 8.8 |
2022-04-03 | CVE-2021-30066 | Improper Verification of Cryptographic Signature vulnerability in multiple products On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. | 6.8 |
2022-04-03 | CVE-2021-30061 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick. | 6.8 |
2022-04-03 | CVE-2021-30062 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer. | 7.5 |
2022-04-03 | CVE-2021-30063 | On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service. | 7.5 |
2022-04-03 | CVE-2021-30064 | Use of Hard-coded Credentials vulnerability in multiple products On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state). | 9.8 |
2022-04-03 | CVE-2021-30065 | On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. | 7.5 |
2021-05-17 | CVE-2021-27734 | Improper Authentication vulnerability in Belden Hirschmann Hios and Hisecos Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users. | 9.8 |
2021-02-11 | CVE-2020-9307 | Infinite Loop vulnerability in Belden Hirschmann Hios 07.0.04/08.0.00 Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. | 6.5 |
2020-04-03 | CVE-2020-6994 | Classic Buffer Overflow vulnerability in Belden Hirschmann Hios and Hirschmann Hisecos A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. | 9.8 |