ghsa-wrpc-6j6r-gh72
Vulnerability from github
Published
2022-05-17 01:51
Modified
2022-05-17 01:51
Details

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771 and 140CPU65 modules, the Premium TSXETY and TSXP57 modules, the M340 BMXNOE01 and BMXP3420 modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2011-4859"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-12-17T11:55:00Z",
    "severity": "HIGH"
  },
  "details": "The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.",
  "id": "GHSA-wrpc-6j6r-gh72",
  "modified": "2022-05-17T01:51:36Z",
  "published": "2022-05-17T01:51:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4859"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72587"
    },
    {
      "type": "WEB",
      "url": "http://reversemode.com/index.php?option=com_content\u0026task=view\u0026id=80\u0026Itemid=1"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47723"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51605"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.