Lucene search

[email protected]NVD:CVE-2011-4859

HistoryDec 17, 2011 - 11:55 a.m.

CVE-2011-4859

2011-12-1711:55:11

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or © FTP port.

Affected configurations

NVD

Node

schneider-electricquantum_ethernet_module_140cpu65150Range≤3.5

schneider-electricquantum_ethernet_module_140cpu65160Range≤3.5

schneider-electricquantum_ethernet_module_140cpu65260Range≤3.5

schneider-electricquantum_ethernet_module_140noe77100Range≤3.3

schneider-electricquantum_ethernet_module_140noe77100Range≤3.4

schneider-electricquantum_ethernet_module_140noe77101Range≤4.9

schneider-electricquantum_ethernet_module_140noe77111Range≤5.0

Node

schneider-electricpremium_ethernet_module_tsxety4103Range≤5.0

schneider-electricpremium_ethernet_module_tsxety5103Range≤5.0

schneider-electricpremium_ethernet_module_tsxp57163mRange≤4.9

schneider-electricpremium_ethernet_module_tsxp572634mRange≤4.9

schneider-electricpremium_ethernet_module_tsxp573634mRange≤4.9

schneider-electricpremium_ethernet_module_tsxp574634mRange≤3.5

schneider-electricpremium_ethernet_module_tsxp575634mRange≤3.5

schneider-electricpremium_ethernet_module_tsxp576634mRange≤3.5

Node

schneider-electricm340_ethernet_module_bmxnoe0100Range≤2.3

schneider-electricm340_ethernet_module_bmxnoe0110Range≤4.65

schneider-electricm340_ethernet_module_bmxp342020Range≤2.2

schneider-electricm340_ethernet_module_bmxp342030Range≤2.2

Node

schneider-electricstb_dio_ethernet_module_stbnic2212Range≤2.10

schneider-electricstb_dio_ethernet_module_stbnip2212Range≤2.73

schneider-electricstb_dio_ethernet_module_stbnip2311Range≤3.01

References

reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1

secunia.com/advisories/47723

www.securityfocus.com/bid/51605

www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf

www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf

www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/72587

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.056 Low

EPSS

Percentile

93.3%

JSON

Related for NVD:CVE-2011-4859

nessus2 cvelist1 prion1 seebug1 ics1 cve1 openvas2