CVE-2011-4859

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
http://secunia.com/advisories/47723
http://www.securityfocus.com/bid/51605
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72587
http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
http://secunia.com/advisories/47723
http://www.securityfocus.com/bid/51605
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72587

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65150::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65160::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65260::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77101::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77111::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety4103::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety5103::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp57163m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp572634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp573634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp574634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp575634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp576634m::::::::

Configuration 3 (hide)

OR	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0100::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0110::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342020::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342030::::::::

Configuration 4 (hide)

OR	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnic2212::::::::
	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2212::::::::
	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2311::::::::

History

21 Nov 2024, 01:33

Type	Values Removed	Values Added
References	~~() http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 -~~	() http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 -
References	~~() http://secunia.com/advisories/47723 -~~	() http://secunia.com/advisories/47723 -
References	~~() http://www.securityfocus.com/bid/51605 -~~	() http://www.securityfocus.com/bid/51605 -
References	~~() http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf -~~	() http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf -
References	~~() http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf -~~	() http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf -
References	~~() http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf -~~	() http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/72587 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/72587 -

Information

Published : 2011-12-17 11:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-4859

Mitre link : CVE-2011-4859

CVE.ORG link : CVE-2011-4859

JSON object : View

Products Affected

schneider-electric

premium_ethernet_module_tsxety5103
stb_dio_ethernet_module_stbnic2212
premium_ethernet_module_tsxety4103
premium_ethernet_module_tsxp572634m
m340_ethernet_module_bmxp342020
quantum_ethernet_module_140cpu65160
stb_dio_ethernet_module_stbnip2311
m340_ethernet_module_bmxp342030
stb_dio_ethernet_module_stbnip2212
quantum_ethernet_module_140noe77101
quantum_ethernet_module_140noe77111
premium_ethernet_module_tsxp573634m
quantum_ethernet_module_140noe77100
premium_ethernet_module_tsxp574634m
quantum_ethernet_module_140cpu65260
premium_ethernet_module_tsxp576634m
m340_ethernet_module_bmxnoe0100
premium_ethernet_module_tsxp57163m
m340_ethernet_module_bmxnoe0110
premium_ethernet_module_tsxp575634m
quantum_ethernet_module_140cpu65150

CWE

NVD-CWE-Other

{"id": "CVE-2011-4859", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-12-17T11:55:11.917", "references": [{"url": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/47723", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/51605", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf", "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72587", "source": "cve@mitre.org"}, {"url": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/47723", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/51605", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72587", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port."}, {"lang": "es", "value": "El m\u00f3dulo Schneider Electric Quantum Ethernet, tal como se utiliza en los m\u00f3dulos Quantum 140NOE771* y 140CPU65*, los m\u00f3dulos Premium TSXETY* y TSXP57*, los m\u00f3dulos M340 BMXNOE01* y BMXP3420*, y los m\u00f3dulos STB DIO STBNIC2212 y STBNIP2*, utiliza contrase\u00f1as est\u00e1ticas para las cuentas (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, y (16) webserver, lo que facilita a atacantes remotos obtener acceso a trav\u00e9s de (a) TELNET, (b) Windriver Debug, o (c) el puerto FTP."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65150:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F46FD25F-6A66-4A01-94B6-B2C7B4A1161F", "versionEndIncluding": "3.5"}, {"criteria": "cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65160:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4B260E8-8CAB-43D6-B7EB-1A47085B3301", "versionEndIncluding": "3.5"}, {"criteria": "cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65260:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7407DDC-F4BC-48FB-9B0B-4BED21B82FAE", "versionEndIncluding": "3.5"}, {"criteria": "cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E2B9B12-772E-45B0-B696-9487C5EC9669", "versionEndIncluding": "3.3"}, {"criteria": "cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84E9206F-0AED-4C42-849E-F8741C070234", "versionEndIncluding": "3.4"}, {"criteria": "cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77101:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6272D36-A9E3-4210-8998-19D65323E085", "versionEndIncluding": "4.9"}, {"criteria": "cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77111:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0780C449-C9A7-4D83-9090-C48EB308F69F", "versionEndIncluding": "5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety4103:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D5CFADB-BD77-45B2-83F6-791ECB6DCEC1", "versionEndIncluding": "5.0"}, {"criteria": "cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety5103:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD0DA2C8-81BE-4006-B6A2-DE2B20F85771", "versionEndIncluding": "5.0"}, {"criteria": "cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp57163m:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1F32575-37AC-4F55-904F-68AED57F8B63", "versionEndIncluding": "4.9"}, {"criteria": "cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp572634m:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B88C30B-8748-42AA-8765-2EC8ADAD4B54", "versionEndIncluding": "4.9"}, {"criteria": "cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp573634m:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "985B9868-9D59-4902-B825-387BF1F8A8A6", "versionEndIncluding": "4.9"}, {"criteria": "cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp574634m:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DD89F76-4EB6-41D2-8646-602C13166C35", "versionEndIncluding": "3.5"}, {"criteria": "cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp575634m:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9CCBD5A-7E9F-4204-95CB-C1C00B3B4BFF", "versionEndIncluding": "3.5"}, {"criteria": "cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp576634m:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EDB245F-2BAF-4EA1-B6EC-E9F54C8AB4AD", "versionEndIncluding": "3.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0100:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C1A71AC-5951-40E0-900F-E3E29AD0C791", "versionEndIncluding": "2.3"}, {"criteria": "cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0110:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7D8CC15-CFC3-4BFF-9BC0-4059FD7DCDE6", "versionEndIncluding": "4.65"}, {"criteria": "cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342020:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76A49B2B-1353-46BF-8A03-2CD5701A1465", "versionEndIncluding": "2.2"}, {"criteria": "cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342030:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "130C136E-5762-4C25-8F66-85CC323FB04F", "versionEndIncluding": "2.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnic2212:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4EC1C87-FF50-4442-B096-6EBB70A679A9", "versionEndIncluding": "2.10"}, {"criteria": "cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2212:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76A596AB-117A-471A-8DE2-F0271370EAE5", "versionEndIncluding": "2.73"}, {"criteria": "cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2311:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FDE9605-55A2-4B8C-B1F3-880E98328C55", "versionEndIncluding": "3.01"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10