Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2011-4859
Last Modified: 30 Jan 2012 11:08:32
Published: 17 Dec 2011 06:55:11
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4859

Summary

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

Vulnerable Systems

Application

  • Schneider-electric M340 Ethernet Module Bmxnoe0100 2.3

  • Schneider-electric M340 Ethernet Module Bmxnoe0110 4.65

  • Schneider-electric M340 Ethernet Module Bmxp342020 2.2

  • Schneider-electric M340 Ethernet Module Bmxp342030 2.2

  • Schneider-electric Premium Ethernet Module Tsxety4103 5.0

  • Schneider-electric Premium Ethernet Module Tsxety5103 5.0

  • Schneider-electric Premium Ethernet Module Tsxp57163m 4.9

  • Schneider-electric Premium Ethernet Module Tsxp572634m 4.9

  • Schneider-electric Premium Ethernet Module Tsxp573634m 4.9

  • Schneider-electric Premium Ethernet Module Tsxp574634m 3.5

  • Schneider-electric Premium Ethernet Module Tsxp575634m 3.5

  • Schneider-electric Premium Ethernet Module Tsxp576634m 3.5

  • Schneider-electric Quantum Ethernet Module 140cpu65150 3.5

  • Schneider-electric Quantum Ethernet Module 140cpu65160 3.5

  • Schneider-electric Quantum Ethernet Module 140cpu65260 3.5

  • Schneider-electric Quantum Ethernet Module 140noe77100 3.3

  • Schneider-electric Quantum Ethernet Module 140noe77100 3.4

  • Schneider-electric Quantum Ethernet Module 140noe77101 4.9

  • Schneider-electric Quantum Ethernet Module 140noe77111 5.0

  • Schneider-electric Stb Dio Ethernet Module Stbnic2212 2.10

  • Schneider-electric Stb Dio Ethernet Module Stbnip2212 2.73

  • Schneider-electric Stb Dio Ethernet Module Stbnip2311 3.01


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf

MISC - http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1

XF - schneider-modicon-backdoor(72587)

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf

MISC - http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf

BID - 51605

SECUNIA - 47723


Last Updated: 27 May 2016 10:57:56