VYPR
Critical severity 9.8 · NVD Advisory · Published Nov 20, 2017 · Updated May 13, 2026

CVE-2017-11401

Description

An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Improper handling of the mbap.length field in ModBus packets in Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00 allows attackers to bypass function code filtering via crafted packets.

Vulnerability

The vulnerability resides in the ModBus DPI filter of the Belden Hirschmann Tofino Xenon Security Appliance (versions before 03.2.00). The filter improperly validates the mbap.length field of ModBus packets, allowing attackers to craft packets that bypass function code filtering. Affected versions: all prior to 03.2.00 [1].

Exploitation

An attacker with network access to the appliance can send specially crafted ModBus packets with a malformed mbap.length field. The filter fails to properly parse the packet, allowing the attacker to bypass the intended function code restrictions. No authentication is required [1].

Impact

Successful exploitation allows the attacker to send arbitrary ModBus function codes to protected assets behind the appliance. This can lead to unauthorized control or disruption of industrial systems, potentially causing denial of service or physical damage [1].

Mitigation

Belden released version 03.2.00 to fix the issue. Users should upgrade to this version or later. There are no known workarounds; the appliance should not be exposed to untrusted networks [1].
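The page does not say how the filter mishandles mbap.length, so the following is an added example (not Belden's code and not taken from the advisory) of the consistency checks a Modbus/TCP inspector can apply to that field before it trusts the function code. It assumes one ADU per TCP payload; `inspect_frame`, `build` and the sample frames are constructed for illustration.

```python
import struct

MBAP_LEN = 7      # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_LENGTH = 254  # unit id (1) + largest Modbus PDU (253)

def inspect_frame(payload, allowed_fcs):
    """Return (verdict, reason) for a TCP payload assumed to carry one Modbus ADU."""
    if len(payload) < MBAP_LEN + 1:
        return "drop", "truncated: no complete MBAP header and function code"
    _tid, proto, length, _unit = struct.unpack(">HHHB", payload[:MBAP_LEN])
    if proto != 0:
        return "drop", "protocol id %d is not Modbus (0)" % proto
    # mbap.length counts the unit id plus the PDU, so 2 is the smallest legal value.
    if not 2 <= length <= MAX_LENGTH:
        return "drop", "mbap.length %d outside 2..%d" % (length, MAX_LENGTH)
    present = len(payload) - 6  # bytes that actually follow the length field
    if length != present:
        return "drop", "mbap.length %d but %d bytes follow it" % (length, present)
    # Only now is the byte after the unit id trusted as the function code.
    fc = payload[MBAP_LEN]
    if fc not in allowed_fcs:
        return "drop", "function code %d not in allow-list" % fc
    return "pass", "function code %d allowed" % fc

def build(length, pdu, proto=0):
    """Constructed sample frame; 'length' is set by hand so it can disagree."""
    return struct.pack(">HHHB", 1, proto, length, 1) + pdu

READ_REGS = bytes([0x03, 0x00, 0x00, 0x00, 0x02])  # FC 3, address 0, quantity 2
WRITE_REG = bytes([0x06, 0x00, 0x01, 0x00, 0xFF])  # FC 6, address 1, value 255

# Constructed samples, not captured traffic.
SAMPLES = {
    "consistent read": build(6, READ_REGS),
    "length understates payload": build(2, READ_REGS),
    "length overstates payload": build(40, READ_REGS),
    "length zero": build(0, READ_REGS),
    "write not allowed": build(6, WRITE_REG),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, "->", inspect_frame(frame, {3, 4}))
```

Dropping every frame whose declared length disagrees with the bytes present is a strictness choice for this sketch; an inspector that accepts several ADUs in one payload would need to apply the same checks to each ADU.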

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
