CVE-2011-4859

Summary

CVE	CVE-2011-4859
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2011-12-17 11:55:00 UTC
Updated	2017-08-29 01:30:00 UTC
Description	The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Schneider-electric	M340 Ethernet Module Bmxnoe0100	All	All	All	All
Application	Schneider-electric	M340 Ethernet Module Bmxnoe0110	All	All	All	All
Application	Schneider-electric	M340 Ethernet Module Bmxp342020	All	All	All	All
Application	Schneider-electric	M340 Ethernet Module Bmxp342030	All	All	All	All
Application	Schneider-electric	Premium Ethernet Module Tsxety4103	All	All	All	All
Application	Schneider-electric	Premium Ethernet Module Tsxety5103	All	All	All	All
Application	Schneider-electric	Premium Ethernet Module Tsxp57163m	All	All	All	All
Application	Schneider-electric	Premium Ethernet Module Tsxp572634m	All	All	All	All
Application	Schneider-electric	Premium Ethernet Module Tsxp573634m	All	All	All	All
Application	Schneider-electric	Premium Ethernet Module Tsxp574634m	All	All	All	All
Application	Schneider-electric	Premium Ethernet Module Tsxp575634m	All	All	All	All
Application	Schneider-electric	Premium Ethernet Module Tsxp576634m	All	All	All	All
Application	Schneider-electric	Quantum Ethernet Module 140cpu65150	All	All	All	All
Application	Schneider-electric	Quantum Ethernet Module 140cpu65160	All	All	All	All
Application	Schneider-electric	Quantum Ethernet Module 140cpu65260	All	All	All	All
Application	Schneider-electric	Quantum Ethernet Module 140noe77100	All	All	All	All
Application	Schneider-electric	Quantum Ethernet Module 140noe77100	All	All	All	All
Application	Schneider-electric	Quantum Ethernet Module 140noe77101	All	All	All	All
Application	Schneider-electric	Quantum Ethernet Module 140noe77111	All	All	All	All
Application	Schneider-electric	Stb Dio Ethernet Module Stbnic2212	All	All	All	All
Application	Schneider-electric	Stb Dio Ethernet Module Stbnip2212	All	All	All	All
Application	Schneider-electric	Stb Dio Ethernet Module Stbnip2311	All	All	All	All

References

Reference	Source	Link	Tags
401 Unauthorized	MISC	reversemode.com
About Secunia Research \| Flexera	SECUNIA	secunia.com
404 - File Not Found \| CISA	MISC	www.us-cert.gov
404 - File Not Found \| CISA	MISC	www.us-cert.gov
404 - File Not Found \| CISA	MISC	www.us-cert.gov
Schneider Electric Modicon Quantum Multiple Security Vulnerabilities	BID	www.securityfocus.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590517 Schneider Electric Quantum Ethernet Module Hard-Coded Credentials (Update B) Vulnerability (ICSA-12-018-01B)
590907 Schneider Electric Embedded FTP Servers for Modicon PAC Controllers Multiple Vulnerabilities (SEVD-2018-081-01)