10

CVE-2011-4859

EPSS 7%
Published 17.12.2011 11:55:11
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Schneider-electric ≫ Quantum Ethernet Module 140cpu65150 Version <= 3.5

Schneider-electric ≫ Quantum Ethernet Module 140cpu65160 Version <= 3.5

Schneider-electric ≫ Quantum Ethernet Module 140cpu65260 Version <= 3.5

Schneider-electric ≫ Quantum Ethernet Module 140noe77100 Version <= 3.3

Schneider-electric ≫ Quantum Ethernet Module 140noe77100 Version <= 3.4

Schneider-electric ≫ Quantum Ethernet Module 140noe77101 Version <= 4.9

Schneider-electric ≫ Quantum Ethernet Module 140noe77111 Version <= 5.0

Schneider-electric ≫ Premium Ethernet Module Tsxety4103 Version <= 5.0

Schneider-electric ≫ Premium Ethernet Module Tsxety5103 Version <= 5.0

Schneider-electric ≫ Premium Ethernet Module Tsxp57163m Version <= 4.9

Schneider-electric ≫ Premium Ethernet Module Tsxp572634m Version <= 4.9

Schneider-electric ≫ Premium Ethernet Module Tsxp573634m Version <= 4.9

Schneider-electric ≫ Premium Ethernet Module Tsxp574634m Version <= 3.5

Schneider-electric ≫ Premium Ethernet Module Tsxp575634m Version <= 3.5

Schneider-electric ≫ Premium Ethernet Module Tsxp576634m Version <= 3.5

Schneider-electric ≫ M340 Ethernet Module Bmxnoe0100 Version <= 2.3

Schneider-electric ≫ M340 Ethernet Module Bmxnoe0110 Version <= 4.65

Schneider-electric ≫ M340 Ethernet Module Bmxp342020 Version <= 2.2

Schneider-electric ≫ M340 Ethernet Module Bmxp342030 Version <= 2.2

Schneider-electric ≫ Stb Dio Ethernet Module Stbnic2212 Version <= 2.10

Schneider-electric ≫ Stb Dio Ethernet Module Stbnip2212 Version <= 2.73

Schneider-electric ≫ Stb Dio Ethernet Module Stbnip2311 Version <= 3.01

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	7%	0.905

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1

http://secunia.com/advisories/47723

http://www.securityfocus.com/bid/51605

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf

http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf

https://exchange.xforce.ibmcloud.com/vulnerabilities/72587

https://nvd.nist.gov/vuln/detail/CVE-2011-4859

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4859

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4859

EUVD