SCHNEIDER 140DD035300 TMR接口模块
预计交付周期:通常在1-10个工作日内发货。
制造商:Triconex
产品编号:4351B
产品类型:Tricon通信模块
串行端口:4
网络端口:2
端口隔离:500 VDC
协议:TriStation、Modbus、TCP/IP、ICMP、SNTP、TSAA(支持IP多播)、Trimble GPS、嵌入式OPC服务器(型号4353和4354)、对等(UDP/IP)、对等时间同步、Jet
铜质以太网端口:10/100 Mbps(4353型仅支持100
Mbps)
光纤以太网端口:100 Mbps
串行端口:每个端口多115.2 Kbps
重量:3.18 Kg
装运重量:4.5 Kg
施耐德电气意识到其Triconex存在多个漏洞™Tricon公司™主处理器
(MP)、Tricon通信模块(TCM)和统一通信模块(UCM)
产品。
受影响的产品(如下所列)是主处理器模块和通信模块
用于Tricon和Tricon CX系统。
未能应用本文档中提供的补救措施可能会导致拒绝服务攻击,
这可能导致模块复位。
2021 7月更新:改进了与写保护钥匙开关和
澄清了受影响的模块。
受影响的产品和版本
以下模块安装在Tricon或Tricon CX版本11.3.x–11.7.x系统中时
受影响:
•Tricon主处理器型号3009和3009X
•Tricon通信模块(TCM)4351B、4352B和4355X型
•4610X型统一通信模块(UCM)
漏洞详细信息
CVE ID:CVE-2021-22742
CVSS v3.1基础分数3.9|低|CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CWE-754:异常或异常情况检查不当漏洞存在于
3009/3009XMP型,当TCM接收到格式错误时,可能导致模块复位
当写保护钥匙开关处于PROGRAM(程序)位置时,TriStation数据包。
CVE ID:CVE-2021-22743
CVSS v3.1基础分数3.9|低|CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CWE-754:异常或异常情况检查不当漏洞存在于
4351B/4352B/4355X型TCM和4610X型UCM可能导致模块
在写保护密钥开关处于
在PROGRAM(程序)位置。
Estimated Lead Time:Usually ships in 1-10 working days.
Manufacturer:Triconex
Product No.:4351B
Product type:Tricon Communication Modules
Serial ports:4
Network ports:2
Port isolation:500 VDC
Protocols:TriStation,Modbus,TCP/IP,ICMP,SNTP,TSAA(with support for IP Multicast),Trimble GPS,Embedded OPC Server(Models 4353 and 4354),Peer-to-Peer(UDP/IP),Peer-to-Peer Time Synchronization,Jet
Copper Ethernet ports:10/100 Mbps(Model 4353 supports only 100
Mbps)
Fiber Ethernet ports:100 Mbps
Serial ports:up to 115.2 Kbps per port
Weight:3.18 Kg
Shipping Weight:4.5 Kg
Schneider Electric is aware of multiple vulnerabilities in its Triconex™Tricon™Main Processor
(MP),Tricon Communication Module(TCM),and Unified Communication Module(UCM)
products.
The affected products(listed below)are main processor modules and communication modules
intended for use with Tricon and Tricon CX systems.
Failure to apply the remediations provided in this document may risk a denial of service attack,
which could result in a module reset.
July 2021 update:Improved additional mitigations related to the write-protect keyswitch and
clarified affected modules.
Affected Products and Versions
The following modules when installed in Tricon or Tricon CX version 11.3.x–11.7.x systems
are affected:
•Tricon Main Processor Models 3009 and 3009X
•Tricon Communication Module(TCM)Models 4351B,4352B,and 4355X
•Unified Communication Module(UCM)Model 4610X
Vulnerability Details
CVE ID:CVE-2021-22742
CVSS v3.1 Base Score 3.9|Low|CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in the
Model 3009/3009XMP that could cause a module reset when the TCM receives malformed
TriStation packets while the write-protect keyswitch is in the PROGRAM position.
CVE ID:CVE-2021-22743
CVSS v3.1 Base Score 3.9|Low|CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnerability exists in the
Models 4351B/4352B/4355X TCM and Model 4610X UCM that could cause a module
reset when the TCM receives malformed TriStation packets while the write-protect keyswitch is
in the PROGRAM position.
客服1