CVE-2011-4859


The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.


Security Impact Summary

CVE-2011-4859 impacts 21 products from schneider-electric. Organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2011, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.


Published

2011-12-17T11:55:11.917

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-Other

Affected Vendors & Products
Type         Vendor              Product                              Version/Range  Vulnerable?
Application  schneider-electric  quantum_ethernet_module_140cpu65150  ≤ 3.5          Yes
Application  schneider-electric  quantum_ethernet_module_140cpu65160  ≤ 3.5          Yes
Application  schneider-electric  quantum_ethernet_module_140cpu65260  ≤ 3.5          Yes
Application  schneider-electric  quantum_ethernet_module_140noe77100  ≤ 3.3          Yes
Application  schneider-electric  quantum_ethernet_module_140noe77100  ≤ 3.4          Yes
Application  schneider-electric  quantum_ethernet_module_140noe77101  ≤ 4.9          Yes
Application  schneider-electric  quantum_ethernet_module_140noe77111  ≤ 5.0          Yes
Application  schneider-electric  premium_ethernet_module_tsxety4103   ≤ 5.0          Yes
Application  schneider-electric  premium_ethernet_module_tsxety5103   ≤ 5.0          Yes
Application  schneider-electric  premium_ethernet_module_tsxp57163m   ≤ 4.9          Yes
Application  schneider-electric  premium_ethernet_module_tsxp572634m  ≤ 4.9          Yes
Application  schneider-electric  premium_ethernet_module_tsxp573634m  ≤ 4.9          Yes
Application  schneider-electric  premium_ethernet_module_tsxp574634m  ≤ 3.5          Yes
Application  schneider-electric  premium_ethernet_module_tsxp575634m  ≤ 3.5          Yes
Application  schneider-electric  premium_ethernet_module_tsxp576634m  ≤ 3.5          Yes
Application  schneider-electric  m340_ethernet_module_bmxnoe0100      ≤ 2.3          Yes
Application  schneider-electric  m340_ethernet_module_bmxnoe0110      ≤ 4.65         Yes
Application  schneider-electric  m340_ethernet_module_bmxp342020      ≤ 2.2          Yes
Application  schneider-electric  m340_ethernet_module_bmxp342030      ≤ 2.2          Yes
Application  schneider-electric  stb_dio_ethernet_module_stbnic2212   ≤ 2.10         Yes
Application  schneider-electric  stb_dio_ethernet_module_stbnip2212   ≤ 2.73         Yes
Application  schneider-electric  stb_dio_ethernet_module_stbnip2311   ≤ 3.01         Yes

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For schneider-electric's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.