CVE-2011-4859 - OpenCVE

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Schneider-electric	Premium Ethernet Module Tsxp576634m Premium Ethernet Module Tsxp573634m Quantum Ethernet Module 140cpu65160 Stb Dio Ethernet Module Stbnic2212 M340 Ethernet Module Bmxnoe0110 Quantum Ethernet Module 140noe77100 Quantum Ethernet Module 140noe77101 Premium Ethernet Module Tsxp57163m M340 Ethernet Module Bmxnoe0100 Premium Ethernet Module Tsxp575634m Premium Ethernet Module Tsxety5103 Stb Dio Ethernet Module Stbnip2311 Quantum Ethernet Module 140cpu65260 Premium Ethernet Module Tsxp572634m Premium Ethernet Module Tsxety4103 Premium Ethernet Module Tsxp574634m M340 Ethernet Module Bmxp342020 Quantum Ethernet Module 140noe77111 M340 Ethernet Module Bmxp342030 Quantum Ethernet Module 140cpu65150 Stb Dio Ethernet Module Stbnip2212

Configuration 1 [-]

OR	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65150::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65160::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65260::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77101::::::::
	cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77111::::::::

Configuration 2 [-]

OR	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety4103::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety5103::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp57163m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp572634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp573634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp574634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp575634m::::::::
	cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp576634m::::::::

Configuration 3 [-]

OR	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0100::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0110::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342020::::::::
	cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342030::::::::

Configuration 4 [-]

OR	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnic2212::::::::
	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2212::::::::
	cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2311::::::::

References

Link	Resource
http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
http://secunia.com/advisories/47723
http://www.securityfocus.com/bid/51605
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72587