Vulnerability Details CVE-2011-4859
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.07
EPSS Ranking 91.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
- http://secunia.com/advisories/47723
- http://www.securityfocus.com/bid/51605
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72587
- http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
- http://secunia.com/advisories/47723
- http://www.securityfocus.com/bid/51605
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72587
Products affected by CVE-2011-4859
-
cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0100:*
-
cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0110:*
-
cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342020:*
-
cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342030:*
-
cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety4103:*
-
cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety5103:*
-
cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp57163m:*
-
cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp572634m:*
-
cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp573634m:*
-
cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp574634m:*
-
cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp575634m:*
-
cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp576634m:*
-
cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65150:*
-
cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65160:*
-
cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65260:*
-
cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100:*
-
cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77101:*
-
cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77111:*
-
cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnic2212:*
-
cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2212:*
-
cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2311:*