Vulnerability Details CVE-2017-11401
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt
- https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf
- https://github.com/airbus-seclab/security-advisories/blob/master/belden/tofino.txt
- https://www.belden.com/hubfs/support/security/bulletins/Belden-Security-Bulletin-BSECV-2017-14-1v1-1.pdf
Products affected by CVE-2017-11401
-
cpe:2.3:h:belden:tofino_xenon_security_appliance:-
-
cpe:2.3:o:belden:tofino_xenon_security_appliance_firmware:3.1.0