CVE-2011-4859
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.
El módulo Schneider Electric Quantum Ethernet, tal como se utiliza en los módulos Quantum 140NOE771* y 140CPU65*, los módulos Premium TSXETY* y TSXP57*, los módulos M340 BMXNOE01* y BMXP3420*, y los módulos STB DIO STBNIC2212 y STBNIP2*, utiliza contraseñas estáticas para las cuentas (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, y (16) webserver, lo que facilita a atacantes remotos obtener acceso a través de (a) TELNET, (b) Windriver Debug, o (c) el puerto FTP.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-12-16 CVE Reserved
- 2011-12-17 CVE Published
- 2024-08-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 | X_refsource_misc | |
| http://secunia.com/advisories/47723 | Third Party Advisory | |
| http://www.securityfocus.com/bid/51605 | Vdb Entry | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf | X_refsource_misc | |
| http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf | X_refsource_misc | |
| http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72587 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Schneider-electric Search vendor "Schneider-electric" | Quantum Ethernet Module 140cpu65150 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140cpu65150" | <= 3.5 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140cpu65150" and version " <= 3.5" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Quantum Ethernet Module 140cpu65160 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140cpu65160" | <= 3.5 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140cpu65160" and version " <= 3.5" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Quantum Ethernet Module 140cpu65260 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140cpu65260" | <= 3.5 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140cpu65260" and version " <= 3.5" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Quantum Ethernet Module 140noe77100 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140noe77100" | <= 3.3 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140noe77100" and version " <= 3.3" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Quantum Ethernet Module 140noe77100 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140noe77100" | <= 3.4 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140noe77100" and version " <= 3.4" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Quantum Ethernet Module 140noe77101 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140noe77101" | <= 4.9 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140noe77101" and version " <= 4.9" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Quantum Ethernet Module 140noe77111 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140noe77111" | <= 5.0 Search vendor "Schneider-electric" for product "Quantum Ethernet Module 140noe77111" and version " <= 5.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Premium Ethernet Module Tsxety4103 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxety4103" | <= 5.0 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxety4103" and version " <= 5.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Premium Ethernet Module Tsxety5103 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxety5103" | <= 5.0 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxety5103" and version " <= 5.0" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Premium Ethernet Module Tsxp57163m Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp57163m" | <= 4.9 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp57163m" and version " <= 4.9" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Premium Ethernet Module Tsxp572634m Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp572634m" | <= 4.9 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp572634m" and version " <= 4.9" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Premium Ethernet Module Tsxp573634m Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp573634m" | <= 4.9 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp573634m" and version " <= 4.9" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Premium Ethernet Module Tsxp574634m Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp574634m" | <= 3.5 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp574634m" and version " <= 3.5" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Premium Ethernet Module Tsxp575634m Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp575634m" | <= 3.5 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp575634m" and version " <= 3.5" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Premium Ethernet Module Tsxp576634m Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp576634m" | <= 3.5 Search vendor "Schneider-electric" for product "Premium Ethernet Module Tsxp576634m" and version " <= 3.5" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | M340 Ethernet Module Bmxnoe0100 Search vendor "Schneider-electric" for product "M340 Ethernet Module Bmxnoe0100" | <= 2.3 Search vendor "Schneider-electric" for product "M340 Ethernet Module Bmxnoe0100" and version " <= 2.3" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | M340 Ethernet Module Bmxnoe0110 Search vendor "Schneider-electric" for product "M340 Ethernet Module Bmxnoe0110" | <= 4.65 Search vendor "Schneider-electric" for product "M340 Ethernet Module Bmxnoe0110" and version " <= 4.65" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | M340 Ethernet Module Bmxp342020 Search vendor "Schneider-electric" for product "M340 Ethernet Module Bmxp342020" | <= 2.2 Search vendor "Schneider-electric" for product "M340 Ethernet Module Bmxp342020" and version " <= 2.2" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | M340 Ethernet Module Bmxp342030 Search vendor "Schneider-electric" for product "M340 Ethernet Module Bmxp342030" | <= 2.2 Search vendor "Schneider-electric" for product "M340 Ethernet Module Bmxp342030" and version " <= 2.2" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Stb Dio Ethernet Module Stbnic2212 Search vendor "Schneider-electric" for product "Stb Dio Ethernet Module Stbnic2212" | <= 2.10 Search vendor "Schneider-electric" for product "Stb Dio Ethernet Module Stbnic2212" and version " <= 2.10" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Stb Dio Ethernet Module Stbnip2212 Search vendor "Schneider-electric" for product "Stb Dio Ethernet Module Stbnip2212" | <= 2.73 Search vendor "Schneider-electric" for product "Stb Dio Ethernet Module Stbnip2212" and version " <= 2.73" | - |
Affected
| ||||||
| Schneider-electric Search vendor "Schneider-electric" | Stb Dio Ethernet Module Stbnip2311 Search vendor "Schneider-electric" for product "Stb Dio Ethernet Module Stbnip2311" | <= 3.01 Search vendor "Schneider-electric" for product "Stb Dio Ethernet Module Stbnip2311" and version " <= 3.01" | - |
Affected
| ||||||