CVE-2011-4859

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
http://www.securityfocus.com/bid/51605
http://secunia.com/advisories/47723
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72587

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65150::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65160::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65260::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77101::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77111::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp573634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp574634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp575634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp576634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety4103::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety5103::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp57163m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp572634m::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0110::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0100::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342030::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342020::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnic2212::::::::
	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2311::::::::
	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2212::::::::

Information

Published : 2011-12-17 03:55

Updated : 2017-08-28 18:30

NVD link : CVE-2011-4859

Mitre link : CVE-2011-4859

JSON object : View

CWE

NVD-CWE-Other

Products Affected

schneider-electric

premium_ethernet_module_tsxp576634m
m340_ethernet_module_bmxnoe0100
quantum_ethernet_module_140noe77100
quantum_ethernet_module_140noe77111
quantum_ethernet_module_140cpu65260
premium_ethernet_module_tsxety5103
quantum_ethernet_module_140noe77101
premium_ethernet_module_tsxp57163m
stb_dio_ethernet_module_stbnip2311
premium_ethernet_module_tsxp573634m
m340_ethernet_module_bmxp342030
m340_ethernet_module_bmxnoe0110
premium_ethernet_module_tsxp575634m
premium_ethernet_module_tsxp574634m
m340_ethernet_module_bmxp342020
premium_ethernet_module_tsxety4103
stb_dio_ethernet_module_stbnip2212
quantum_ethernet_module_140cpu65150
stb_dio_ethernet_module_stbnic2212
quantum_ethernet_module_140cpu65160
premium_ethernet_module_tsxp572634m

10.0 /10