Password Generation Flaw in Schneider Electric Quantum Ethernet Module
CVE-2011-4860

Currently unrated

Key Information:

Vendor: Schneider Electric
Status: Quantum Ethernet Module 140noe77101; Quantum Ethernet Module 140noe77100; Quantum Ethernet Module 140noe77111
Vendor: CVE Published:; 17 December 2011

Summary

The ComputePassword function in Schneider Electric's Quantum Ethernet Module (model NOE 771) has a significant weakness in how it generates passwords for the fwupgrade account. This vulnerability arises from the method used to create passwords based on the MAC address. By exploiting this flaw, remote attackers can easily gain unauthorized access through ARP request messages or Neighbor Solicitation messages, potentially compromising the integrity and security of the device.

References

http://reversemode.com/index.php?option=com_content&task=...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 17, 2011