security-advisories/belden/tofino.txt
CVE-2017-11400
==============

Description:
------------
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance 3.10 and earlier.
An incomplete firmware signature allows a local attacker to upgrade the equipment (kernel, file system)
with unsigned, attacker-controlled data.

Vulnerability type:
-------------------
Incomplete firmware signature

Vendor of Product:
------------------
Belden Hirschmann

Affected Product Code Base:
---------------------------
Tofino Xenon Security Appliance - 3.10 and earlier

Affected Component:
-------------------
USB firmware

Attack Type:
------------
Local

Impact Code execution:
----------------------
Yes

Attack Vectors:
---------------
Attacker has physical access to the device and the ability
to plug a USB device into it

Reference:
----------
https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf
https://www.belden.com/support/security-assurance

Discoverer:
-----------
Julien Lenoir of Airbus

CVE-2017-11401
==============

Description:
------------
An issue has been discovered on the Belden Hirschmann Tofino Xenon
Security Appliance 3.10 and earlier. Improper handling of the
mbap.length field of ModBus packets in the ModBus DPI filter allows an
attacker to send malformed/crafted packets to a protected asset, bypassing
function code filtering.

Vulnerability type:
-------------------
DPI ModBus filter bypass

Vendor of Product:
------------------
Belden Hirschmann

Affected Product Code Base:
---------------------------
Tofino Xenon Security Appliance
Firmware 3.10 and prior

Affected Component:
-------------------
Modbus enforcer DPI filter

Attack Type:
------------
Remote

CVE Impact:
-----------
Bypass DPI filter on industrial firewall

Attack Vectors:
---------------
To exploit the vulnerability, an attacker must be able to send UDP or TCP
packets to a protected asset on a LAN.

Reference:
----------
https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf
https://www.belden.com/support/security-assurance

Discoverer:
-----------
Julien Lenoir of Airbus

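Added example, not part of the advisory and not Belden's code: a fail-closed Modbus/TCP inspection routine that checks mbap.length against the bytes actually received before applying a function code allow-list, so no byte of a payload goes uninspected. The advisory does not say how the field was mishandled; the sketch assumes each TCP payload holds whole frames, and the names `frame`, `check_segment` and `permitted` are hypothetical.

```python
import struct

MBAP_LEN = 7      # transaction id (2), protocol id (2), length (2), unit id (1)
MAX_PDU = 253     # largest PDU the Modbus application protocol allows


def frame(tid, unit, function, data=b"", length=None):
    """Build a constructed sample ADU; `length` overrides the honest value."""
    pdu = bytes([function]) + data
    honest = 1 + len(pdu)                      # unit id + PDU
    value = honest if length is None else length
    return struct.pack(">HHHB", tid, 0, value, unit) + pdu


def check_segment(segment, allowed):
    """Return the function codes found, or raise ValueError (fail closed)."""
    codes, offset = [], 0
    while offset < len(segment):
        if len(segment) - offset < MBAP_LEN + 1:
            raise ValueError("bytes left over that do not form a full frame")
        _tid, proto, length, _unit = struct.unpack_from(">HHHB", segment, offset)
        if proto != 0:
            raise ValueError("protocol id is not 0 (Modbus)")
        if not 2 <= length <= MAX_PDU + 1:
            raise ValueError("mbap.length outside the range the protocol permits")
        end = offset + 6 + length              # length counts from the unit id on
        if end > len(segment):
            raise ValueError("mbap.length claims more bytes than were received")
        function = segment[offset + MBAP_LEN]
        if function not in allowed:
            raise ValueError(f"function code {function} is not allowed")
        codes.append(function)
        offset = end                           # next frame must start exactly here
    return codes


def permitted(segment, allowed):
    """True only if every byte of the segment belongs to an allowed frame."""
    try:
        check_segment(segment, allowed)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    read = frame(1, 1, 3, b"\x00\x00\x00\x01")            # constructed sample
    short = frame(2, 1, 3, b"\x00\x00\x00\x01", length=2)  # length disagrees with data
    print(permitted(read, {3}), permitted(short, {3}))
```

A filter on a real link would also need stream reassembly, since a frame can legitimately span TCP segments.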
CVE-2017-11402
==============

Description:
------------
An issue has been discovered on the Belden Hirschmann Tofino Xenon
Security Appliance 3.10 and earlier. Design flaws in OPC classic and
in custom netfilter modules allow an attacker to remotely activate
rules on the firewall and to connect to any TCP port of a protected
asset, thus bypassing the firewall.

Vulnerability type:
-------------------
Firewall bypass

Vendor of Product:
------------------
Belden Hirschmann

Affected Product Code Base:
---------------------------
Tofino Xenon Security Appliance
Firmware 3.10 and prior

Affected Component:
-------------------
Netfilter custom filter combined with OPC Classic DPI filter

Attack Type:
------------
Remote

Attack Vectors:
---------------
To exploit the vulnerability, someone must connect to a protected
asset over the OPC Classic port

Reference:
----------
https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf
https://www.belden.com/support/security-assurance

Discoverer:
-----------
Julien Lenoir of Airbus