EXCITING NEWS:

Dragos named a Leader in the 2025 Gartner® Magic Quadrant™ for CPS Protection Platforms

get the report
Skip to main content
Security Advisory

Tofino Xenon Security Appliance

Risk Information

Limited Threat

CVE ID

CVE-2021-30061

CVE-2021-30062

CVE-2021-30063

CVE-2021-30064

CVE-2021-30065

CVE-2021-30066

Vunerability Type

Code execution via USB

OPC Classic DPI bypass

OPC Classic System Memory Exhaustion

Use of Default Credentials

Modbus DPI bypass

Firmware signature verification bypass via USB

CVSS3 Score

6.8

5.3

6.8

8.1

5.3

6.8

CVSSv3 Vector

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affecting

  • Tofino Xenon 3.2 and below
  • Eaton Tofino 2.2.01 and below
  • Eagle20 Tofino 2.2.01 and below
  • Exxon Tofino 2.2.00 and below

    • Mitigation

    No patches currently exist for these issues.

    04/23/2021