ID

VAR-201112-0252


CVE

CVE-2011-4859


TITLE

Schneider Electric Quantum Ethernet Module Security Vulnerability

Trust: 1.4

sources: IVD: 4cffae96-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5607 // CNNVD: CNNVD-201112-344

DESCRIPTION

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port. Schneider Electric Modicon Quantum is an automated control platform with a full range of complete processors for complex process control and infrastructure. Schneider Electric Modicon Quantum has several security vulnerabilities, including: (1) Communication between Unity software and PLC without authentication, allowing attackers to perform denial of service and remote code execution attacks. (2) There is a backdoor account that allows access to the system with user or administrator privileges. (3) The HTTP server has a buffer overflow, and the remote attacker can exploit the vulnerability for the denial of service attack. (4) There is a buffer overflow in the FTP server, and a remote attacker can exploit the vulnerability for a denial of service attack. (5) There is also a cross-site scripting attack. The firmware provided by Schneider Schneider Electric Quantum Ethernet Module has a hard-coded problem. Attackers can exploit this issue to gain access to the Telnet port service, Windriver Debug port service, and FTP service. Attackers can exploit this vulnerability to execute arbitrary code within the context of the vulnerable device. 1) Certain unspecified input is not properly sanitised before being returned to the user. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Ruben Santamarta via Digital Bond\x92s SCADA Security Scientific Symposium (S4). ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Schneider Electric Ethernet Modules Undocumented Account Security Issues SECUNIA ADVISORY ID: SA47019 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47019/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47019 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47019/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47019/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47019 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ruben Santamarta has reported some security issues in multiple Schneider Electric modules, which can be exploited by malicious people to bypass certain security restrictions. modify HTTP passwords and upload malicious firmware. Please see the ICS-CERT's advisory for a list of affected products and versions. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta ORIGINAL ADVISORY: Ruben Santamarta: http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 5.13

sources: NVD: CVE-2011-4859 // JVNDB: JVNDB-2011-003477 // CNVD: CNVD-2012-0327 // CNVD: CNVD-2011-5607 // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5302 // BID: 51046 // IVD: 4cffae96-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52804 // VULMON: CVE-2011-4859 // PACKETSTORM: 108988 // PACKETSTORM: 107894

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 3.2

sources: IVD: 4cffae96-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0327 // CNVD: CNVD-2011-5607 // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5302

AFFECTED PRODUCTS

vendor:schneidermodel:electric quantum ethernet modulescope:eqversion:x

Trust: 2.4

vendor:schneider electricmodel:quantum ethernet module 140noe77111scope:lteversion:5.0

Trust: 1.0

vendor:schneider electricmodel:premium ethernet module tsxp57163mscope:lteversion:4.9

Trust: 1.0

vendor:schneider electricmodel:premium ethernet module tsxety5103scope:lteversion:5.0

Trust: 1.0

vendor:schneider electricmodel:stb dio ethernet module stbnip2212scope:lteversion:2.73

Trust: 1.0

vendor:schneider electricmodel:quantum ethernet module 140cpu65150scope:lteversion:3.5

Trust: 1.0

vendor:schneider electricmodel:quantum ethernet module 140cpu65260scope:lteversion:3.5

Trust: 1.0

vendor:schneider electricmodel:premium ethernet module tsxp572634mscope:lteversion:4.9

Trust: 1.0

vendor:schneider electricmodel:stb dio ethernet module stbnip2311scope:lteversion:3.01

Trust: 1.0

vendor:schneider electricmodel:premium ethernet module tsxp573634mscope:lteversion:4.9

Trust: 1.0

vendor:schneider electricmodel:m340 ethernet module bmxnoe0100scope:lteversion:2.3

Trust: 1.0

vendor:schneider electricmodel:quantum ethernet module 140noe77100scope:lteversion:3.4

Trust: 1.0

vendor:schneider electricmodel:m340 ethernet module bmxp342030scope:lteversion:2.2

Trust: 1.0

vendor:schneider electricmodel:m340 ethernet module bmxp342020scope:lteversion:2.2

Trust: 1.0

vendor:schneider electricmodel:premium ethernet module tsxety4103scope:lteversion:5.0

Trust: 1.0

vendor:schneider electricmodel:quantum ethernet module 140cpu65160scope:lteversion:3.5

Trust: 1.0

vendor:schneider electricmodel:m340 ethernet module bmxnoe0110scope:lteversion:4.65

Trust: 1.0

vendor:schneider electricmodel:premium ethernet module tsxp576634mscope:lteversion:3.5

Trust: 1.0

vendor:schneider electricmodel:stb dio ethernet module stbnic2212scope:lteversion:2.10

Trust: 1.0

vendor:schneider electricmodel:premium ethernet module tsxp575634mscope:lteversion:3.5

Trust: 1.0

vendor:schneider electricmodel:quantum ethernet module 140noe77101scope:lteversion:4.9

Trust: 1.0

vendor:schneider electricmodel:premium ethernet module tsxp574634mscope:lteversion:3.5

Trust: 1.0

vendor:schneider electricmodel:quantum ethernet module 140noe77100scope:lteversion:3.3

Trust: 1.0

vendor:schneider electricmodel:modicon m340 ethernet module bmxnoe0100scope:lteversion:v2.3

Trust: 0.8

vendor:schneider electricmodel:modicon m340 ethernet module bmxnoe0110scope:lteversion:v4.65

Trust: 0.8

vendor:schneider electricmodel:modicon m340 ethernet module bmxp342020scope:lteversion:v2.2

Trust: 0.8

vendor:schneider electricmodel:modicon m340 ethernet module bmxp342030scope:lteversion:v2.2

Trust: 0.8

vendor:schneider electricmodel:premium ethernet module tsxety4103scope:lteversion:v5.0

Trust: 0.8

vendor:schneider electricmodel:premium ethernet module tsxety5103scope:lteversion:v5.0

Trust: 0.8

vendor:schneider electricmodel:premium ethernet module tsxp571634mscope:lteversion:v4.9

Trust: 0.8

vendor:schneider electricmodel:premium ethernet module tsxp572634mscope:lteversion:v4.9

Trust: 0.8

vendor:schneider electricmodel:premium ethernet module tsxp573634mscope:lteversion:v4.9

Trust: 0.8

vendor:schneider electricmodel:premium ethernet module tsxp574634mscope:lteversion:v3.5

Trust: 0.8

vendor:schneider electricmodel:premium ethernet module tsxp575634mscope:lteversion:v3.5

Trust: 0.8

vendor:schneider electricmodel:premium ethernet module tsxp576634mscope:lteversion:v3.5

Trust: 0.8

vendor:schneider electricmodel:quantum ethernet module 140cpu65150scope:lteversion:v3.5

Trust: 0.8

vendor:schneider electricmodel:quantum ethernet module 140cpu65160scope:lteversion:v3.5

Trust: 0.8

vendor:schneider electricmodel:quantum ethernet module 140cpu65260scope:lteversion:v3.5

Trust: 0.8

vendor:schneider electricmodel:quantum ethernet module 140noe77100scope:lteversion:v3.4

Trust: 0.8

vendor:schneider electricmodel:quantum ethernet module 140noe77101scope:lteversion:v4.9

Trust: 0.8

vendor:schneider electricmodel:quantum ethernet module 140noe77110scope:lteversion:v3.3

Trust: 0.8

vendor:schneider electricmodel:quantum ethernet module 140noe77111scope:lteversion:v5.0

Trust: 0.8

vendor:schneider electricmodel:stb dio series module stbnic2212scope:lteversion:v2.10

Trust: 0.8

vendor:schneider electricmodel:stb dio series module stbnip2212scope:lteversion:v2.73

Trust: 0.8

vendor:schneider electricmodel:stb dio series module stbnip2311scope:lteversion:v3.01

Trust: 0.8

vendor:schneidermodel:electric modicon quantumscope:eqversion:0

Trust: 0.6

vendor:schneider electricmodel:m340 ethernet module bmxp342030scope:eqversion:2.2

Trust: 0.6

vendor:schneider electricmodel:m340 ethernet module bmxnoe0110scope:eqversion:4.65

Trust: 0.6

vendor:schneider electricmodel:stb dio ethernet module stbnip2212scope:eqversion:2.73

Trust: 0.6

vendor:schneider electricmodel:m340 ethernet module bmxp342020scope:eqversion:2.2

Trust: 0.6

vendor:schneider electricmodel:m340 ethernet module bmxnoe0100scope:eqversion:2.3

Trust: 0.6

vendor:schneider electricmodel:premium ethernet module tsxp576634mscope:eqversion:3.5

Trust: 0.6

vendor:schneider electricmodel:premium ethernet module tsxp574634mscope:eqversion:3.5

Trust: 0.6

vendor:schneider electricmodel:stb dio ethernet module stbnip2311scope:eqversion:3.01

Trust: 0.6

vendor:schneider electricmodel:stb dio ethernet module stbnic2212scope:eqversion:2.10

Trust: 0.6

vendor:schneider electricmodel:premium ethernet module tsxp575634mscope:eqversion:3.5

Trust: 0.6

vendor:quantum ethernet module 140noe77100model: - scope:eqversion:*

Trust: 0.4

vendor:schneidermodel:electric quantum ethernet module tsxp573634mscope:eqversion:4.9

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140noc77101scope:eqversion:1.01

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module bmxnoe0100scope:eqversion:2.3

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140noe77101scope:eqversion:4.9

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module bmxnoc0401scope:eqversion:1.01

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140noc77100scope:eqversion:1.01

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module tsxp571634mscope:eqversion:4.9

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140noe77111scope:eqversion:5.0

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140cpu65160scope:eqversion:3.5

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module bmxnoe0110scope:eqversion:4.65

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140noe77110scope:eqversion:3.3

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module bmxp342020scope:eqversion:2.2

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module tsxp575634mscope:eqversion:3.5

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module tsxp574634mscope:eqversion:3.5

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module tsxetc101scope:eqversion:1.01

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module stbnip2311scope:eqversion:3.01

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module tsxp572634mscope:eqversion:4.9

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140noe77100scope:eqversion:3.4

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module tsxp576634mscope:eqversion:3.5

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module bmxp342030scope:eqversion:2.2

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module stbnip2212scope:eqversion:2.73

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module tsxety5103scope:eqversion:5.0

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140cpu65150scope:eqversion:3.5

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module 140cpu65260scope:eqversion:3.5

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module stbnic2212scope:eqversion:2.10

Trust: 0.3

vendor:schneidermodel:electric quantum ethernet module tsxety4103scope:eqversion:5.0

Trust: 0.3

vendor:quantum ethernet module 140cpu65150model: - scope:eqversion:*

Trust: 0.2

vendor:quantum ethernet module 140cpu65160model: - scope:eqversion:*

Trust: 0.2

vendor:quantum ethernet module 140cpu65260model: - scope:eqversion:*

Trust: 0.2

vendor:quantum ethernet module 140noe77101model: - scope:eqversion:*

Trust: 0.2

vendor:quantum ethernet module 140noe77111model: - scope:eqversion:*

Trust: 0.2

vendor:premium ethernet module tsxety4103model: - scope:eqversion:*

Trust: 0.2

vendor:premium ethernet module tsxety5103model: - scope:eqversion:*

Trust: 0.2

vendor:premium ethernet module tsxp57163mmodel: - scope:eqversion:*

Trust: 0.2

vendor:premium ethernet module tsxp572634mmodel: - scope:eqversion:*

Trust: 0.2

vendor:premium ethernet module tsxp573634mmodel: - scope:eqversion:*

Trust: 0.2

vendor:premium ethernet module tsxp574634mmodel: - scope:eqversion:*

Trust: 0.2

vendor:premium ethernet module tsxp575634mmodel: - scope:eqversion:*

Trust: 0.2

vendor:premium ethernet module tsxp576634mmodel: - scope:eqversion:*

Trust: 0.2

vendor:m340 ethernet module bmxnoe0100model: - scope:eqversion:*

Trust: 0.2

vendor:m340 ethernet module bmxnoe0110model: - scope:eqversion:*

Trust: 0.2

vendor:m340 ethernet module bmxp342020model: - scope:eqversion:*

Trust: 0.2

vendor:m340 ethernet module bmxp342030model: - scope:eqversion:*

Trust: 0.2

vendor:stb dio ethernet module stbnic2212model: - scope:eqversion:*

Trust: 0.2

vendor:stb dio ethernet module stbnip2212model: - scope:eqversion:*

Trust: 0.2

vendor:stb dio ethernet module stbnip2311model: - scope:eqversion:*

Trust: 0.2

sources: IVD: 4cffae96-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0327 // CNVD: CNVD-2011-5607 // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5302 // BID: 51046 // JVNDB: JVNDB-2011-003477 // CNNVD: CNNVD-201112-344 // NVD: CVE-2011-4859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4859
value: HIGH

Trust: 1.0

NVD: CVE-2011-4859
value: HIGH

Trust: 0.8

CNVD: CNVD-2011-5607
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201112-344
value: CRITICAL

Trust: 0.6

IVD: 4cffae96-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-52804
value: HIGH

Trust: 0.1

VULMON: CVE-2011-4859
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4859
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2011-5607
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4cffae96-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52804
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 4cffae96-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5607 // VULHUB: VHN-52804 // VULMON: CVE-2011-4859 // JVNDB: JVNDB-2011-003477 // CNNVD: CNNVD-201112-344 // NVD: CVE-2011-4859

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2011-003477 // NVD: CVE-2011-4859

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201112-231 // CNNVD: CNNVD-201112-344

TYPE

Design error

Trust: 0.8

sources: IVD: 4cffae96-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201112-344

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003477

PATCH

title:Top Pageurl:http://www.schneider-electric.com

Trust: 0.8

title:γ‚΅γƒγƒΌγƒˆurl:http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page

Trust: 0.8

title:Top Pageurl:http://www.schneider-electric.com/site/home/index.cfm/jp/

Trust: 0.8

title:Schneider Electric Quantum Ethernet Module Security Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/37440

Trust: 0.6

title:Patch for Schneider Electric Quantum Ether Module Hardcoded Validation Credential Validation Bypass Vulnerability (CNVD-2011-5303)url:https://www.cnvd.org.cn/patchInfo/show/6294

Trust: 0.6

title:Patch for Schneider Electric Quantum Ether Module Hardcoded Validation Credential Validation Bypass Vulnerability (CNVD-2011-5304)url:https://www.cnvd.org.cn/patchInfo/show/6296

Trust: 0.6

title:Patch for Schneider Electric Quantum Ether Module Hardcoded Validation Credential Validation Bypass Vulnerability (CNVD-2011-5302)url:https://www.cnvd.org.cn/patchInfo/show/6297

Trust: 0.6

sources: CNVD: CNVD-2011-5607 // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5302 // JVNDB: JVNDB-2011-003477

EXTERNAL IDS

db:ICS CERT ALERTid:ICS-ALERT-11-346-01

Trust: 4.8

db:NVDid:CVE-2011-4859

Trust: 3.7

db:BIDid:51046

Trust: 2.9

db:ICS CERT ALERTid:ICS-ALERT-12-020-03

Trust: 2.7

db:BIDid:51605

Trust: 2.4

db:ICS CERTid:ICSA-12-018-01

Trust: 2.0

db:SECUNIAid:47723

Trust: 1.4

db:CNNVDid:CNNVD-201112-344

Trust: 0.9

db:CNVDid:CNVD-2011-5607

Trust: 0.8

db:JVNDBid:JVNDB-2011-003477

Trust: 0.8

db:CNVDid:CNVD-2012-0327

Trust: 0.6

db:CNVDid:CNVD-2011-5303

Trust: 0.6

db:CNVDid:CNVD-2011-5304

Trust: 0.6

db:CNVDid:CNVD-2011-5302

Trust: 0.6

db:CNNVDid:CNNVD-201112-231

Trust: 0.6

db:IVDid:4CFFAE96-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:SECUNIAid:47019

Trust: 0.2

db:SEEBUGid:SSVID-89384

Trust: 0.1

db:VULHUBid:VHN-52804

Trust: 0.1

db:ICS CERTid:ICSA-12-018-01B

Trust: 0.1

db:VULMONid:CVE-2011-4859

Trust: 0.1

db:PACKETSTORMid:108988

Trust: 0.1

db:PACKETSTORMid:107894

Trust: 0.1

sources: IVD: 4cffae96-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0327 // CNVD: CNVD-2011-5607 // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5302 // VULHUB: VHN-52804 // VULMON: CVE-2011-4859 // BID: 51046 // JVNDB: JVNDB-2011-003477 // PACKETSTORM: 108988 // PACKETSTORM: 107894 // CNNVD: CNNVD-201112-231 // CNNVD: CNNVD-201112-344 // NVD: CVE-2011-4859

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-346-01.pdf

Trust: 3.0

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-12-020-03.pdf

Trust: 2.7

url:http://reversemode.com/index.php?option=com_content&task=view&id=80&itemid=1

Trust: 2.1

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-018-01.pdf

Trust: 2.0

url:http://www.securityfocus.com/bid/51605

Trust: 1.8

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-346-01.pdfhttp

Trust: 1.8

url:http://secunia.com/advisories/47723

Trust: 1.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/72587

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4859

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4859

Trust: 0.8

url:http://www.securityfocus.com/bid/51046

Trust: 0.7

url:http://www.schneider-electric.com/site/home/index.cfm/ww/?selectcountry=true

Trust: 0.3

url:ics-cert advisory

Trust: 0.3

url:http://secunia.com/company/jobs/

Trust: 0.2

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://reversemode.com/index.php?option=com_content&task=view&id=80&itemid=1

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://ics-cert.us-cert.gov/advisories/icsa-12-018-01b

Trust: 0.1

url:http://secunia.com/advisories/47723/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47723

Trust: 0.1

url:http://secunia.com/advisories/47723/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47019

Trust: 0.1

url:http://secunia.com/advisories/47019/

Trust: 0.1

url:http://secunia.com/advisories/47019/#comments

Trust: 0.1

sources: CNVD: CNVD-2012-0327 // CNVD: CNVD-2011-5607 // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5302 // VULHUB: VHN-52804 // VULMON: CVE-2011-4859 // BID: 51046 // JVNDB: JVNDB-2011-003477 // PACKETSTORM: 108988 // PACKETSTORM: 107894 // CNNVD: CNNVD-201112-231 // CNNVD: CNNVD-201112-344 // NVD: CVE-2011-4859

CREDITS

Rub?n Santamarta

Trust: 0.6

sources: CNNVD: CNNVD-201112-231

SOURCES

db:IVDid:4cffae96-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0327
db:CNVDid:CNVD-2011-5607
db:CNVDid:CNVD-2011-5303
db:CNVDid:CNVD-2011-5304
db:CNVDid:CNVD-2011-5302
db:VULHUBid:VHN-52804
db:VULMONid:CVE-2011-4859
db:BIDid:51046
db:JVNDBid:JVNDB-2011-003477
db:PACKETSTORMid:108988
db:PACKETSTORMid:107894
db:CNNVDid:CNNVD-201112-231
db:CNNVDid:CNNVD-201112-344
db:NVDid:CVE-2011-4859

LAST UPDATE DATE

2024-08-14T13:49:01.194000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0327date:2012-02-01T00:00:00
db:CNVDid:CNVD-2011-5607date:2011-12-20T00:00:00
db:CNVDid:CNVD-2011-5303date:2011-12-15T00:00:00
db:CNVDid:CNVD-2011-5304date:2011-12-15T00:00:00
db:CNVDid:CNVD-2011-5302date:2011-12-15T00:00:00
db:VULHUBid:VHN-52804date:2017-08-29T00:00:00
db:VULMONid:CVE-2011-4859date:2017-08-29T00:00:00
db:BIDid:51046date:2013-09-25T00:15:00
db:JVNDBid:JVNDB-2011-003477date:2011-12-21T00:00:00
db:CNNVDid:CNNVD-201112-231date:2011-12-15T00:00:00
db:CNNVDid:CNNVD-201112-344date:2012-01-06T00:00:00
db:NVDid:CVE-2011-4859date:2017-08-29T01:30:36.817

SOURCES RELEASE DATE

db:IVDid:4cffae96-2354-11e6-abef-000c29c66e3ddate:2011-12-20T00:00:00
db:CNVDid:CNVD-2012-0327date:2012-02-01T00:00:00
db:CNVDid:CNVD-2011-5607date:2011-12-20T00:00:00
db:CNVDid:CNVD-2011-5303date:2011-12-15T00:00:00
db:CNVDid:CNVD-2011-5304date:2011-12-15T00:00:00
db:CNVDid:CNVD-2011-5302date:2011-12-15T00:00:00
db:VULHUBid:VHN-52804date:2011-12-17T00:00:00
db:VULMONid:CVE-2011-4859date:2011-12-17T00:00:00
db:BIDid:51046date:2011-12-13T00:00:00
db:JVNDBid:JVNDB-2011-003477date:2011-12-21T00:00:00
db:PACKETSTORMid:108988date:2012-01-23T08:11:38
db:PACKETSTORMid:107894date:2011-12-15T08:07:24
db:CNNVDid:CNNVD-201112-231date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201112-344date:2011-12-20T00:00:00
db:NVDid:CVE-2011-4859date:2011-12-17T11:55:11.917