CVE-2021-30061

Name of the Vulnerable Software and Affected Versions Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 versions prior to 03.23 Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F20/21 Belden Tofino Xenon Security Appliance (affected versions not specified) Tofino Argon Security Appliance (affected versions not specified) EAGLE 20 Tofino (affected versions not specified)

Description The issue is related to insufficient input validation, allowing physically proximate attackers to execute code via a crafted file on a USB stick. This can be exploited by connecting a USB storage device with a specially created file to the device, potentially enabling remote attackers to execute arbitrary code.

Recommendations For Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 versions prior to 03.23, update to version 03.23 or later. For Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F20/21, consider disabling the USB port until a patch is available. For Belden Tofino Xenon Security Appliance, Tofino Argon Security Appliance, and EAGLE 20 Tofino, at the moment, there is no information about a newer version that contains a fix for this vulnerability.