OpenCVE

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Belden	Eagle 20 Tofino 943 987-501-tx\/tx Eagle 20 Tofino 943 987-501-tx\/tx Firmware Eagle 20 Tofino 943 987-502 -tx\/mm Eagle 20 Tofino 943 987-502 -tx\/mm Firmware Eagle 20 Tofino 943 987-504-mm\/tx Eagle 20 Tofino 943 987-504-mm\/tx Firmware Eagle 20 Tofino 943 987-505-mm\/mm Eagle 20 Tofino 943 987-505-mm\/mm Firmware Tofino Argon Fa-tsa-100-tx\/tx Tofino Argon Fa-tsa-100-tx\/tx Firmware Tofino Argon Fa-tsa-220-mm\/mm Tofino Argon Fa-tsa-220-mm\/mm Firmware Tofino Argon Fa-tsa-220-mm\/tx Tofino Argon Fa-tsa-220-mm\/tx Firmware Tofino Argon Fa-tsa-220-tx\/mm Tofino Argon Fa-tsa-220-tx\/mm Firmware Tofino Argon Fa-tsa-220-tx\/tx Tofino Argon Fa-tsa-220-tx\/tx Firmware Tofino Xenon Security Appliance Tofino Xenon Security Appliance Firmware
Schneider-electric	Tcsefea23f3f20 Tcsefea23f3f20 Firmware Tcsefea23f3f21 Tcsefea23f3f21 Firmware Tcsefea23f3f22 Tcsefea23f3f22 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:belden:tofino_xenon_security_appliance_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_xenon_security_appliance:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-220-tx\/mm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-220-tx\/mm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-220-tx\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-220-tx\/tx:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-220-mm\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-220-mm\/tx:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-220-mm\/mm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-220-mm\/mm:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:belden:tofino_argon_fa-tsa-100-tx\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:tofino_argon_fa-tsa-100-tx\/tx:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:belden:eagle_20_tofino_943_987-505-mm\/mm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:eagle_20_tofino_943_987-505-mm\/mm:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:belden:eagle_20_tofino_943_987-504-mm\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:eagle_20_tofino_943_987-504-mm\/tx:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:belden:eagle_20_tofino_943_987-502_-tx\/mm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:eagle_20_tofino_943_987-502_-tx\/mm:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:belden:eagle_20_tofino_943_987-501-tx\/tx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:belden:eagle_20_tofino_943_987-501-tx\/tx:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:schneider-electric:tcsefea23f3f20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tcsefea23f3f20:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:schneider-electric:tcsefea23f3f21_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tcsefea23f3f21:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:schneider-electric:tcsefea23f3f22_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:schneider-electric:tcsefea23f3f22:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05
https://www.belden.com/support/security-assurance

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-04-03T21:56:29

Updated: 2024-08-03T22:24:59.323Z

Reserved: 2021-04-02T00:00:00

Link: CVE-2021-30064

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-04-03T22:15:14.900

Modified: 2024-11-21T06:03:17.187

Link: CVE-2021-30064

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object