Belden

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-70545 1Belden 1Ppc 2k05x Firmware Feb 11, 2026 Feb 4, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles...Show more A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed.Show less
CVE-2022-40282 1Belden 1Hirschmann Bat C2 Firmware Apr 29, 2025 Nov 25, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreat...Show more The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.Show less
CVE-2021-30066 2Belden Schneider Electric 13Eagle 20 Tofino 943 987 501 Tx/tx Firmware Eagle 20 Tofino 943 987 502 Tx/mm FirmwareEagle 20 Tofino 943 987 504 Mm/tx Firmware+10 more Nov 21, 2024 Apr 3, 2022 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verificatio...Show more On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.Show less
CVE-2021-30065 2Belden Schneider Electric 13Eagle 20 Tofino 943 987 501 Tx/tx Firmware Eagle 20 Tofino 943 987 502 Tx/mm FirmwareEagle 20 Tofino 943 987 504 Mm/tx Firmware+10 more Nov 21, 2024 Apr 3, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists b...Show more On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.Show less
CVE-2021-30064 2Belden Schneider Electric 13Eagle 20 Tofino 943 987 501 Tx/tx Firmware Eagle 20 Tofino 943 987 502 Tx/mm FirmwareEagle 20 Tofino 943 987 504 Mm/tx Firmware+10 more Nov 21, 2024 Apr 3, 2022 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in...Show more On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).Show less
CVE-2021-30063 2Belden Schneider Electric 11Eagle 20 Tofino 943 987 501 Tx/tx Firmware Eagle 20 Tofino 943 987 502 Tx/mm FirmwareEagle 20 Tofino 943 987 504 Mm/tx Firmware+8 more Nov 21, 2024 Apr 3, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.
CVE-2021-30062 2Belden Schneider Electric 11Eagle 20 Tofino 943 987 501 Tx/tx Firmware Eagle 20 Tofino 943 987 502 Tx/mm FirmwareEagle 20 Tofino 943 987 504 Mm/tx Firmware+8 more Nov 21, 2024 Apr 3, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.
CVE-2021-30061 2Belden Schneider Electric 13Eagle 20 Tofino 943 987 501 Tx/tx Firmware Eagle 20 Tofino 943 987 502 Tx/mm FirmwareEagle 20 Tofino 943 987 504 Mm/tx Firmware+10 more Nov 21, 2024 Apr 3, 2022 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stic...Show more On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, physically proximate attackers can execute code via a crafted file on a USB stick.Show less
CVE-2021-27734 1Belden 2Hirschmann Hios Hisecos Nov 21, 2024 May 17, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.
CVE-2020-9307 1Belden 1Hirschmann Hios Nov 21, 2024 Feb 11, 2021 N/A· v4 6.5 MEDIUM· v3 6.1 MEDIUM· v2 Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks th...Show more Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a denial of service. An unauthenticated, adjacent attacker can cause an infinite loop on one of the HSR ring ports of the device. This effectively breaks the redundancy of the HSR ring. If the attacker can perform the same attack on a second device, the ring is broken into two parts (thus disrupting communication between devices in the different parts).Show less
CVE-2020-6994 1Belden 2Hirschmann Hios Hirschmann Hisecos Nov 21, 2024 Apr 3, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability...Show more A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30.Show less
CVE-2019-12262 3Belden SiemensWindriver 7Garrettcom Magnum Dx940e Firmware Hirschmann HiosRuggedcom Win7000 Firmware+4 more Nov 21, 2024 Aug 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).
CVE-2019-12261 6Belden NetappOracle+3 more 13Communications Eagle E Series Santricity Os ControllerGarrettcom Magnum Dx940e Firmware+10 more Nov 21, 2024 Aug 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host.
CVE-2019-12260 6Belden NetappOracle+3 more 13Communications Eagle E Series Santricity Os ControllerGarrettcom Magnum Dx940e Firmware+10 more Nov 21, 2024 Aug 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.
CVE-2019-12258 5Belden NetappSiemens+2 more 12E Series Santricity Os Controller Garrettcom Magnum Dx940e FirmwareHirschmann Hios+9 more Nov 21, 2024 Aug 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.
CVE-2019-12255 5Belden NetappSiemens+2 more 12E Series Santricity Os Controller Garrettcom Magnum Dx940e FirmwareHirschmann Hios+9 more Nov 21, 2024 Aug 9, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
CVE-2019-12265 5Belden NetappSiemens+2 more 12E Series Santricity Os Controller Garrettcom Magnum Dx940e FirmwareHirschmann Hios+9 more Nov 21, 2024 Aug 9, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
CVE-2019-12263 5Belden NetappSiemens+2 more 12E Series Santricity Os Controller Garrettcom Magnum Dx940e FirmwareHirschmann Hios+9 more Nov 21, 2024 Aug 9, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
CVE-2019-12259 4Belden SiemensSonicwall+1 more 119410 Power Meter Firmware 9810 Power Meter FirmwareGarrettcom Magnum Dx940e Firmware+8 more Nov 21, 2024 Aug 9, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing.
CVE-2019-12257 5Belden NetappSiemens+2 more 10E Series Santricity Os Controller Garrettcom Magnum Dx940e FirmwareHirschmann Hios+7 more Nov 21, 2024 Aug 9, 2019 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

12 Next