Hardcoded Password Vulnerability in Schneider Electric Quantum Ethernet Module
CVE-2011-4859

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Quantum Ethernet Module 140noe77101; Quantum Ethernet Module 140cpu65260; Quantum Ethernet Module 140cpu65160; Quantum Ethernet Module 140noe77100
Vendor: CVE Published:; 17 December 2011

Summary

The Quantum Ethernet Module from Schneider Electric is susceptible to an authentication bypass due to multiple hardcoded passwords. These accounts are associated with critical network services, including TELNET and FTP. As a result, remote attackers can exploit this vulnerability to gain unauthorized access to the affected modules, posing significant risks to the integrity and confidentiality of operational systems. Remediation is crucial to prevent potential breaches and safeguard infrastructure.

References

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-0...

x_refsource_MISC

http://reversemode.com/index.php?option=com_content&task=...

x_refsource_MISC

http://www.securityfocus.com/bid/51605

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 17, 2011
Vulnerability Reserved
Dec 16, 2011