Schneider Electric Modicon Quantum Multiple Security Vulnerabilities

Bugtraq ID:	51605
Class:	Unknown
CVE:	CVE-2012-0929 CVE-2012-0930 CVE-2012-0931
Remote:	Yes
Local:	No
Published:	Jan 20 2012 12:00AM
Updated:	Mar 19 2015 08:20AM
Credit:	Project Basecamp
Vulnerable:	Schneider Electric Modicon Quantum 0
Not Vulnerable:

Schneider Electric Modicon Quantum Multiple Security Vulnerabilities

Schneider Electric Modicon Quantum is prone to multiple vulnerabilities including:

1. A remote code-execution vulnerability.
2. Multiple buffer-overflow vulnerabilities.
3. A security-bypass vulnerability.
4. A cross site-scripting vulnerability.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible.

Schneider Electric Modicon Quantum Multiple Security Vulnerabilities

Metasploit exploit modules are available. Please see the references for more information.

Schneider Electric Modicon Quantum Multiple Security Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Schneider Electric Modicon Quantum Multiple Security Vulnerabilities

References:

• ICS-ALERT-12-020-03A�??SCHNEIDER ELECTRIC MODICON QUANTUM MULTIPLE VULNERABILITIES (ICS-CERT)
  
• Modicon Quantum Homepage (Schneider Electric)
  
• Weekly Metasploit Update: SCADA, Lab Gem, and Squid Pivoting (Metasploit)
  
• ICS-ALERT-12-020-03�??SCHNEIDER ELECTRIC MODICON QUANTUM MULTIPLE VULNERABILITIES (ICS-CERT)
  
• ICS-ALERT-12-020-03B (US-CERT)