Security Advisory

Schneider Electric ConneXium Tofino Firewall Vulnerabilities

Affects ConneXium Tofino Firewall (TCSEFEA23F3F22): prior to v03.23, ConneXium Tofino OPC-LSM (TCSEFM0000): prior to Firewall host v03.23, and ConneXium Tofino Firewall (TCSEFEA23F3F20/21): All versions

Risk Information

affected product:

ConneXium Tofino Firewall (TCSEFEA23F3F22): prior to v03.23, ConneXium Tofino OPC-LSM (TCSEFM0000): prior to Firewall host v03.23, and ConneXium Tofino Firewall (TCSEFEA23F3F20/21): All versions

Limited Threat

CVE ID

CVE-2021-30062

CVE-2021-30063

CVE-2021-30064

CVE-2021-30065

CVE-2021-30066

CVE-2021-30061

CVE-2021-30062

Source

Dragos

Skill Level

N/A

CVSSV3 BASE / TEMPORAL SCORE

N/a

CVSSV3 vector

N/A

Affecting

ConneXium Tofino Firewall (TCSEFEA23F3F22): prior to v03.23, ConneXium Tofino OPC-LSM (TCSEFM0000): prior to Firewall host v03.23, and ConneXium Tofino Firewall (TCSEFEA23F3F20/21): All versions

Vulnerability Type

Use of Default Credentials

Improper Verification of Cryptographic Signature

Use of Hard-coded Credentials

Uncontrolled Resource Consumption

Resource Exhaustion

Unauthorized Access

Disclosure Timeline

01/11/2022 - Dragos discloses issue