Vulnerability Details: CVE-2011-4859
The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.
Exploit prediction scoring system (EPSS) score for CVE-2011-4859
Probability of exploitation activity in the next 30 days: 7.77%
Percentile, the proportion of vulnerabilities that are scored at or less: ~93%
CVSS scores for CVE-2011-4859
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2011-4859
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf
- http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72587 (Schneider Electric Modicon Quantum Series Modules backdoor undefined Vulnerability Report)
- http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
- http://www.securityfocus.com/bid/51605 (Schneider Electric Modicon Quantum Multiple Security Vulnerabilities)
Products affected by CVE-2011-4859
- cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77101:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77111:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:quantum_ethernet_module_140noe77100:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65150:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65160:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:quantum_ethernet_module_140cpu65260:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety4103:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxety5103:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp57163m:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp572634m:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp573634m:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp574634m:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp575634m:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:premium_ethernet_module_tsxp576634m:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0100:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342030:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxp342020:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:m340_ethernet_module_bmxnoe0110:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnic2212:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2311:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:stb_dio_ethernet_module_stbnip2212:*:*:*:*:*:*:*:*