Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In April 2022
CVE-2021-30061
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.
CVSS Score
6.8
EPSS Score
0.0
Published
2022-04-03
CVE-2021-30062
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-04-03
CVE-2021-30063
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-03
CVE-2021-30064
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).
CVSS Score
9.8
EPSS Score
0.001
Published
2022-04-03
CVE-2021-30065
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.
CVSS Score
7.5
EPSS Score
0.0
Published
2022-04-03
CVE-2022-28388
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-04-03
CVE-2022-28389
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-04-03
CVE-2022-28390
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-04-03
CVE-2022-28391
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
CVSS Score
8.8
EPSS Score
0.032
Published
2022-04-03
CVE-2022-0405
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-04-03


Products
Pricing
Contact Us

Shodan ® - All rights reserved