Headline
CVE-2021-30065: security-assurance
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.
BSECV-2021-16 FragAttacks (fragmentation and aggregation attacks) is a collection of security vulnerabilities that affect Wi-Fi devices. 1.0 03.16.2022Security Bulletin BSECV-2021-05 Multiple vulnerabilities for Tofino relating to user authentication, USB handling and two enforcer modules. 1.101.11.2022Security Bulletin BSECV-2020-03 Potential denial of service vulnerability in PROFINET Devices via DCE-RPC Packets 1.010.21.2021Security Bulletin BSECV-2020-10Password Change Authentication Bypass Vulnerability in HiOS & HiSecOS 1.005.11.2021Security Bulletin BSECV-2019-08Hirschmann RSP, RSPE, and OS2 series HSR denial of service vulnerability 1.0 01.28.2021Security Bulletin BSECV-2021-02ICX35 Local Web Based Configuration Interface Password Set 1.0 01.15.2021Security Bulletin BSECV-2019-09IPsec Firewall Bypass Vulnerability in WLAN (HiLCOS) Products 1.0 01.11.2021Security Bulletin BSECV-2020-08 EtherNet/IP Vulnerability in 2012 release of (3) PLX31s 1.0 12.18.2020Security Bulletin BSECV-2019-14 HiOS EtherNet/IP stack vulnerability 1.0 09.09.2020Security Bulletin BSECV-2020-04Multiple dnsmasq Vulnerabilities in OWL 3G, LTE & LTE M12 1.0 06.15.2020Security Bulletin BSECV-2020-02JAVA SE vulnerability in Industrial HiVision1.0 06.15.2020Security Bulletin BSECV-2020-06pppd vulnerability in Hirschmann OWL Devices1.05.28.2020Security Bulletin BSECV-2020-01Web Server Buffer Overflow in HiOS & HiSecOS products 1.203.25.2020Security Bulletin BSECV-2019-05Multiple IP vulnerabilities in Hirschmann HiOS and Classic Firewall and GarrettCom DX products (URGENT/11) 1.3 11.27.2019Security Bulletin BSECV-2018-06Belden GarrettCom MNS 6K and 10K OpenSSL Vulnerabilities1.008.09.2019Security Bulletin BSECV-2018-08Belden GarrettCom MNS 6K and 10K SNMP Vulnerability1.008.09.2019Security Bulletin BSECV-2018-07Jackson vulnerability in Industrial HiVision1.006.06.2018Security Bulletin BSECV-2017-11strongSwan vulnerability in HiSecOS1.006.06.2018Security Bulletin BSECV-2017-16WPA2 Key Reinstallation Attack (KRACK) vulnerabilities in Hirschmann BAT devices 1.1 06.06.2018Security Bulletin BSECV-2017-15Web Server Authentication Bypass Vulnerability in HiOS & HiSecOS1.005.25.2018Security Bulletin BSECV-2018-02Weaknesses in Hirschmann Classic Platform Switches when using plaintext HTTP for remote management access1.103.09.2018Security Bulletin BSECV-2018-03Weaknesses in Hirschmann Classic Platform Switches in the user authentication module 1.103.09.2018Security Bulletin BSECV-2018-04RADIUS authentication vulnerability1.0 02.26.2018Security Bulletin BSECV-2017-14; CVE-2017-11400; CVE-2017-11401; CVE-2017-11402Potential Tofino Firmware Signing / Protocol Filtering Evasion / Firewall Bypass1.011.06.2017Security Bulletin BSECV-2017-2Unauthenticated remote code execution vulnerability in Industrial HiVision1.0 08.18.2017Security Bulletin BSECV-2017-12Vulnerability in the bundled Java Runtime Environment lets local users execute arbitrary code in Industrial HiVision, HiFusion and HiView1.008.11.2017Security Bulletin BSECV-2017-10ICX35 User Interface Input Validation Issue 1.0 05.08.2017Security Bulletin BSECV-2017-9ICX35 Authentication Vulnerability1.0 05.08.2017Security Bulletin BSECV-2017-8Belden GarrettCom MNS 6K and 10K Device Access and Security Key Vulnerabilities1.0 05.08.2017Security Bulletin BSECV-2017-3Potential false forward of IPv4 multicast/broadcast traffic by HiLCOS Layer-2 Firewall 1.0 05.08.2017Security Bulletin BSECV-2017-7Possible Request Forgery Vulnerabilities for GECKO Devices 1.004.07.2017Security Bulletin BSECV-2017-1Restricted user roles may gain write access to devices managed by Industrial HiVision 1.001.06.2017Security Bulletin BSECV-2016-2Passwords Synchronization with SNMP v1/v2 communities 1.112.19.2016Security Bulletin BSECV-2016-5 Possible Information Disclosure for GECKO Devices1.0 12.19.2016Security Bulletin BSECV-2016-4HiOS TCP Initial Sequence Number Predictability 1.0 06.06.2016Security Bulletin BSECV-2016-1GECKO authentication bypass1.0 03.07.2016Security Bulletin BSECV-2015-5Identical SSH and SSL default keys in HiLCOS Products1.012.11.2015Security Bulletin BSECV-2015-4;CVE-2008-0960SNMPv3 Authentication Bypass 1.0 07.10.2015Security Bulletin BSECV-2015-3Belden GarrettCom MNS 6K and 10K Security Keys, Embedded Password, Cross-site Scripting and Web Server DOS Vulnerabilities1.0 06.15.2015Security Bulletin BSECV-2015-1; CVE-2014-3566Vulnerability in SSL 3.0 Could Allow Information Disclosure 1.002.18.2015Security Bulletin BSECV-2015-2Earlier versions of HiView do not verify the server identity for HTTPS and SSH 1.0 01.21.2015Security Bulletin