CVE Vulnerabilities

CVE-2011-4859

Published: Dec 17, 2011 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

Affected Software

Name Vendor Start Version End Version
Quantum_ethernet_module_140noe77101 Schneider-electric * 4.9
Quantum_ethernet_module_140cpu65260 Schneider-electric * 3.5
Quantum_ethernet_module_140cpu65160 Schneider-electric * 3.5
Quantum_ethernet_module_140noe77100 Schneider-electric * 3.3
Quantum_ethernet_module_140cpu65150 Schneider-electric * 3.5
Quantum_ethernet_module_140noe77100 Schneider-electric * 3.4
Quantum_ethernet_module_140noe77111 Schneider-electric * 5.0

References