TROYANOSYVIRUS
Back to CVEs

CVE-2021-30064

CRITICAL
9.8

Description

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/3/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

belden:eagle_20_tofino_943_987-501-tx\/txbelden:eagle_20_tofino_943_987-501-tx\/tx_firmwarebelden:eagle_20_tofino_943_987-502_-tx\/mmbelden:eagle_20_tofino_943_987-502_-tx\/mm_firmwarebelden:eagle_20_tofino_943_987-504-mm\/txbelden:eagle_20_tofino_943_987-504-mm\/tx_firmwarebelden:eagle_20_tofino_943_987-505-mm\/mmbelden:eagle_20_tofino_943_987-505-mm\/mm_firmwarebelden:tofino_argon_fa-tsa-100-tx\/txbelden:tofino_argon_fa-tsa-100-tx\/tx_firmwarebelden:tofino_argon_fa-tsa-220-mm\/mmbelden:tofino_argon_fa-tsa-220-mm\/mm_firmwarebelden:tofino_argon_fa-tsa-220-mm\/txbelden:tofino_argon_fa-tsa-220-mm\/tx_firmwarebelden:tofino_argon_fa-tsa-220-tx\/mmbelden:tofino_argon_fa-tsa-220-tx\/mm_firmwarebelden:tofino_argon_fa-tsa-220-tx\/txbelden:tofino_argon_fa-tsa-220-tx\/tx_firmwarebelden:tofino_xenon_security_appliancebelden:tofino_xenon_security_appliance_firmwareschneider-electric:tcsefea23f3f20schneider-electric:tcsefea23f3f20_firmwareschneider-electric:tcsefea23f3f21schneider-electric:tcsefea23f3f21_firmwareschneider-electric:tcsefea23f3f22schneider-electric:tcsefea23f3f22_firmware

Weaknesses (CWE)

CWE-798

References

https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05(cve@mitre.org)
https://www.belden.com/support/security-assurance(cve@mitre.org)
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05(af854a3a-2127-422b-91ae-364da2661108)
https://www.belden.com/support/security-assurance(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.