Details of VAR-E-201201-0278

ID

VAR-E-201201-0278

CVE

cve_id:	CVE-2012-0931	Trust: 0.3
cve_id:	CVE-2012-0930	Trust: 0.3
cve_id:	CVE-2012-0929	Trust: 0.3

sources: BID: 51605

TITLE

Schneider Electric Modicon Quantum Multiple Security Vulnerabilities

Trust: 0.3

sources: BID: 51605

DESCRIPTION

Schneider Electric Modicon Quantum is prone to multiple vulnerabilities including:
1. A remote code-execution vulnerability.
2. Multiple buffer-overflow vulnerabilities.
3. A security-bypass vulnerability.
4. A cross site-scripting vulnerability.
Attackers can exploit these issues to execute arbitrary code in the context of the affected application, cause denial-of-service conditions, bypass some security restrictions, allow an attacker to steal cookie-based information, or execute script code in the context of the browser of an unsuspecting user; other attacks may also be possible.

Trust: 0.3

sources: BID: 51605

AFFECTED PRODUCTS

vendor:

schneider

model:

electric modicon quantum

scope:

version:

Trust: 0.3

sources: BID: 51605

EXPLOIT

Metasploit exploit modules are available. Please see the references for more information.

Trust: 0.3

sources: BID: 51605

PRICE

Free

Trust: 0.3

sources: BID: 51605

TYPE

Unknown

Trust: 0.3

sources: BID: 51605

CREDITS

Project Basecamp

Trust: 0.3

sources: BID: 51605

EXTERNAL IDS

db:	ICS CERT ALERT	id:	ICS-ALERT-12-020-03A	Trust: 0.3
db:	ICS CERT ALERT	id:	ICS-ALERT-12-020-03	Trust: 0.3
db:	ICS CERT ALERT	id:	ICS-ALERT-12-020-03B	Trust: 0.3
db:	NVD	id:	CVE-2012-0931	Trust: 0.3
db:	NVD	id:	CVE-2012-0930	Trust: 0.3
db:	NVD	id:	CVE-2012-0929	Trust: 0.3
db:	BID	id:	51605	Trust: 0.3

sources: BID: 51605

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-03b.pdf	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-03a.pdf	Trust: 0.3
url:	https://community.rapid7.com/community/metasploit/blog/2012/04/05/metasploit-update	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-03.pdf	Trust: 0.3
url:	http://www2.schneider-electric.com/sites/corporate/en/products-services/automation-control/products-offer/range-presentation.page?c_filepath=/templatedata/offer_presentation/3_range_datasheet/data/en/	Trust: 0.3

sources: BID: 51605

SOURCES

db:

BID

id:

51605

LAST UPDATE DATE

2022-07-27T09:27:47.685000+00:00

SOURCES UPDATE DATE

db:

BID

id:

51605

date:

2015-03-19T08:20:00

SOURCES RELEASE DATE

db:

BID

id:

51605

date:

2012-01-20T00:00:00