Live Webinar:

Join us Apr. 1st for a Town Hall as Robert M. Lee shares insights from his testimony before the U.S. House of Representatives Subcommittee on Cybersecurity and Infrastructure Protection.

Skip to main content
Security Advisory

Tofino Xenon Security Appliance

Risk Information

Limited Threat

CVE ID

CVE-2021-30061

CVE-2021-30062

CVE-2021-30063

CVE-2021-30064

CVE-2021-30065

CVE-2021-30066

Vunerability Type

Code execution via USB

OPC Classic DPI bypass

OPC Classic System Memory Exhaustion

Use of Default Credentials

Modbus DPI bypass

Firmware signature verification bypass via USB

CVSS3 Score

6.8

5.3

6.8

8.1

5.3

6.8

CVSSv3 Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affecting

  • Tofino Xenon 3.2 and below
  • Eaton Tofino 2.2.01 and below
  • Eagle20 Tofino 2.2.01 and below
  • Exxon Tofino 2.2.00 and below
  • Mitigation

    No patches currently exist for these issues.

    04/23/2021