CVE-2021-30065 - Vulnerability Details

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Belden	Eagle 20 Tofino 943 987-501-tx\/tx Eagle 20 Tofino 943 987-501-tx\/tx Firmware Eagle 20 Tofino 943 987-502 -tx\/mm Eagle 20 Tofino 943 987-502 -tx\/mm Firmware Eagle 20 Tofino 943 987-504-mm\/tx Eagle 20 Tofino 943 987-504-mm\/tx Firmware Eagle 20 Tofino 943 987-505-mm\/mm Eagle 20 Tofino 943 987-505-mm\/mm Firmware Tofino Argon Fa-tsa-100-tx\/tx Tofino Argon Fa-tsa-100-tx\/tx Firmware Tofino Argon Fa-tsa-220-mm\/mm Tofino Argon Fa-tsa-220-mm\/mm Firmware Tofino Argon Fa-tsa-220-mm\/tx Tofino Argon Fa-tsa-220-mm\/tx Firmware Tofino Argon Fa-tsa-220-tx\/mm Tofino Argon Fa-tsa-220-tx\/mm Firmware Tofino Argon Fa-tsa-220-tx\/tx Tofino Argon Fa-tsa-220-tx\/tx Firmware Tofino Xenon Security Appliance Tofino Xenon Security Appliance Firmware
Schneider-electric	Tcsefea23f3f20 Tcsefea23f3f20 Firmware Tcsefea23f3f21 Tcsefea23f3f21 Firmware Tcsefea23f3f22 Tcsefea23f3f22 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:belden:tofino_xenon_security_appliance_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_xenon_security_appliance:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-220-tx\/mm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-220-tx\/mm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-220-tx\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-220-tx\/tx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-220-mm\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-220-mm\/tx:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-220-mm\/mm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-220-mm\/mm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-100-tx\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-100-tx\/tx:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:belden:eagle_20_tofino_943_987-505-mm\/mm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:eagle_20_tofino_943_987-505-mm\/mm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:belden:eagle_20_tofino_943_987-504-mm\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:eagle_20_tofino_943_987-504-mm\/tx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:belden:eagle_20_tofino_943_987-502_-tx\/mm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:eagle_20_tofino_943_987-502_-tx\/mm:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:belden:eagle_20_tofino_943_987-501-tx\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:eagle_20_tofino_943_987-501-tx\/tx:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:tcsefea23f3f20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tcsefea23f3f20:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:schneider-electric:tcsefea23f3f21_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tcsefea23f3f21:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:schneider-electric:tcsefea23f3f22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tcsefea23f3f22:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05
https://www.belden.com/support/security-assurance

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-04-03T21:59:18

Updated: 2024-08-03T22:24:59.526Z

Reserved: 2021-04-02T00:00:00

Link: CVE-2021-30065

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-03T22:15:14.943

Modified: 2024-11-21T06:03:17.350

Link: CVE-2021-30065

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object