ID

VAR-201112-0253


CVE

CVE-2011-4860


TITLE

NOE 771 device ComputePassword Function Information Disclosure Vulnerability

Trust: 1.4

sources: IVD: 4d13bd00-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5606 // CNNVD: CNNVD-201112-345

DESCRIPTION

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message. A remote attacker can gain access by means of (1) ARP request information or (2) Neighbor Solicitation information. The firmware provided with the Schneider Electric Quantum Ethernet Module contains hard-coded authentication credentials. These built-in credentials can be used to access the Telnet port, allowing remote attackers to view the operation of the module firmware, perform denial of service, modify the module memory, and execute arbitrary code.

----------------------------------------------------------------------

TITLE: Schneider Electric Ethernet Modules Undocumented Account Security Issues

SECUNIA ADVISORY ID: SA47019

VERIFY ADVISORY: http://secunia.com/advisories/47019/

RELEASE DATE: 2011-12-14

DESCRIPTION: Ruben Santamarta has reported some security issues in multiple Schneider Electric modules, which can be exploited by malicious people to bypass certain security restrictions.

1) The Telnet service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify module's memory and execute arbitrary code.

2) The Windriver Debug service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify module's memory and execute arbitrary code.

3) The FTP service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify HTTP passwords and upload malicious firmware.

Please see the ICS-CERT's advisory for a list of affected products and versions.

SOLUTION: Restrict access to trusted hosts only.

PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta

ORIGINAL ADVISORY:
Ruben Santamarta: http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf

Trust: 4.14

sources: NVD: CVE-2011-4860 // JVNDB: JVNDB-2011-003478 // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5606 // CNVD: CNVD-2011-5302 // IVD: 4d13bd00-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52805 // PACKETSTORM: 107894

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 2.6

sources: IVD: 4d13bd00-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5606 // CNVD: CNVD-2011-5302

AFFECTED PRODUCTS

vendor: schneider, model: electric quantum ethernet module, scope: eq, version: x

Trust: 2.4

vendor: schneider electric, model: quantum ethernet module 140noe77100, scope: lte, version: 3.4

Trust: 1.8

vendor: schneider electric, model: quantum ethernet module 140noe77101, scope: lte, version: 4.9

Trust: 1.8

vendor: schneider electric, model: quantum ethernet module 140noe77111, scope: lte, version: 5.0

Trust: 1.8

vendor: schneider electric, model: quantum ethernet module 140noe77100, scope: lte, version: 3.3

Trust: 1.0

vendor: schneider electric, model: quantum ethernet module 140noe77110, scope: lte, version: 3.3

Trust: 0.8

vendor: schneider electric, model: quantum ethernet module 140noe77100, scope: eq, version: 3.4

Trust: 0.6

vendor: schneider electric, model: quantum ethernet module 140noe77111, scope: eq, version: 5.0

Trust: 0.6

vendor: schneider electric, model: quantum ethernet module 140noe77100, scope: eq, version: 3.3

Trust: 0.6

vendor: schneider electric, model: quantum ethernet module 140noe77101, scope: eq, version: 4.9

Trust: 0.6

vendor: quantum ethernet module 140noe77100, model: -, scope: eq, version: *

Trust: 0.4

vendor: quantum ethernet module 140noe77101, model: -, scope: eq, version: *

Trust: 0.2

vendor: quantum ethernet module 140noe77111, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 4d13bd00-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5606 // CNVD: CNVD-2011-5302 // JVNDB: JVNDB-2011-003478 // CNNVD: CNNVD-201112-345 // NVD: CVE-2011-4860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4860
value: HIGH

Trust: 1.0

NVD: CVE-2011-4860
value: HIGH

Trust: 0.8

CNVD: CNVD-2011-5606
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201112-345
value: CRITICAL

Trust: 0.6

IVD: 4d13bd00-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-52805
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4860
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-5606
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4d13bd00-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52805
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 4d13bd00-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5606 // VULHUB: VHN-52805 // JVNDB: JVNDB-2011-003478 // CNNVD: CNNVD-201112-345 // NVD: CVE-2011-4860

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-52805 // JVNDB: JVNDB-2011-003478 // NVD: CVE-2011-4860

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201112-231 // CNNVD: CNNVD-201112-345

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201112-345

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003478

PATCH

title: Top Page, url: http://www.schneider-electric.com

Trust: 0.8

title: Support, url: http://www.schneider-electric.co.jp/sites/japan/jp/support/contact/we-care.page

Trust: 0.8

title: Top Page, url: http://www.schneider-electric.com/site/home/index.cfm/jp/

Trust: 0.8

title: Patch for Schneider Electric Quantum Ether Module Hardcoded Validation Credential Validation Bypass Vulnerability (CNVD-2011-5303), url: https://www.cnvd.org.cn/patchInfo/show/6294

Trust: 0.6

title: Patch for Schneider Electric Quantum Ether Module Hardcoded Validation Credential Validation Bypass Vulnerability (CNVD-2011-5304), url: https://www.cnvd.org.cn/patchInfo/show/6296

Trust: 0.6

title: NOE 771 device ComputePassword function information disclosure vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/37439

Trust: 0.6

title: Patch for Schneider Electric Quantum Ether Module Hardcoded Validation Credential Validation Bypass Vulnerability (CNVD-2011-5302), url: https://www.cnvd.org.cn/patchInfo/show/6297

Trust: 0.6

sources: CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5606 // CNVD: CNVD-2011-5302 // JVNDB: JVNDB-2011-003478

EXTERNAL IDS

db: NVD, id: CVE-2011-4860

Trust: 3.3

db: ICS CERT ALERT, id: ICS-ALERT-11-346-01

Trust: 2.7

db: BID, id: 51046

Trust: 2.4

db: CNNVD, id: CNNVD-201112-345

Trust: 0.9

db: CNVD, id: CNVD-2011-5606

Trust: 0.8

db: JVNDB, id: JVNDB-2011-003478

Trust: 0.8

db: CNVD, id: CNVD-2011-5303

Trust: 0.6

db: CNVD, id: CNVD-2011-5304

Trust: 0.6

db: CNVD, id: CNVD-2011-5302

Trust: 0.6

db: CNNVD, id: CNNVD-201112-231

Trust: 0.6

db: IVD, id: 4D13BD00-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: SECUNIA, id: 47019

Trust: 0.2

db: VULHUB, id: VHN-52805

Trust: 0.1

db: PACKETSTORM, id: 107894

Trust: 0.1

sources: IVD: 4d13bd00-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5606 // CNVD: CNVD-2011-5302 // VULHUB: VHN-52805 // JVNDB: JVNDB-2011-003478 // PACKETSTORM: 107894 // CNNVD: CNNVD-201112-231 // CNNVD: CNNVD-201112-345 // NVD: CVE-2011-4860

REFERENCES

url:http://reversemode.com/index.php?option=com_content&task=view&id=80&itemid=1

Trust: 2.3

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-346-01.pdfhttp

Trust: 1.8

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-346-01.pdf

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4860

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4860

Trust: 0.8

url:http://www.securityfocus.com/bid/51046

Trust: 0.6

url:http://reversemode.com/index.php?option=com_content&task=view&id=80&itemid=1

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=47019

Trust: 0.1

url:http://secunia.com/advisories/47019/

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/47019/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-5303 // CNVD: CNVD-2011-5304 // CNVD: CNVD-2011-5606 // CNVD: CNVD-2011-5302 // VULHUB: VHN-52805 // JVNDB: JVNDB-2011-003478 // PACKETSTORM: 107894 // CNNVD: CNNVD-201112-231 // CNNVD: CNNVD-201112-345 // NVD: CVE-2011-4860

CREDITS

Rubén Santamarta

Trust: 0.6

sources: CNNVD: CNNVD-201112-231

SOURCES

db: IVD, id: 4d13bd00-2354-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-5303
db: CNVD, id: CNVD-2011-5304
db: CNVD, id: CNVD-2011-5606
db: CNVD, id: CNVD-2011-5302
db: VULHUB, id: VHN-52805
db: JVNDB, id: JVNDB-2011-003478
db: PACKETSTORM, id: 107894
db: CNNVD, id: CNNVD-201112-231
db: CNNVD, id: CNNVD-201112-345
db: NVD, id: CVE-2011-4860

LAST UPDATE DATE

2024-08-14T13:49:01.021000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-5303, date: 2011-12-15T00:00:00
db: CNVD, id: CNVD-2011-5304, date: 2011-12-15T00:00:00
db: CNVD, id: CNVD-2011-5606, date: 2011-12-19T00:00:00
db: CNVD, id: CNVD-2011-5302, date: 2011-12-15T00:00:00
db: VULHUB, id: VHN-52805, date: 2011-12-19T00:00:00
db: JVNDB, id: JVNDB-2011-003478, date: 2011-12-21T00:00:00
db: CNNVD, id: CNNVD-201112-231, date: 2011-12-15T00:00:00
db: CNNVD, id: CNNVD-201112-345, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4860, date: 2011-12-19T19:03:04.233

SOURCES RELEASE DATE

db: IVD, id: 4d13bd00-2354-11e6-abef-000c29c66e3d, date: 2011-12-19T00:00:00
db: CNVD, id: CNVD-2011-5303, date: 2011-12-15T00:00:00
db: CNVD, id: CNVD-2011-5304, date: 2011-12-15T00:00:00
db: CNVD, id: CNVD-2011-5606, date: 2011-12-19T00:00:00
db: CNVD, id: CNVD-2011-5302, date: 2011-12-15T00:00:00
db: VULHUB, id: VHN-52805, date: 2011-12-17T00:00:00
db: JVNDB, id: JVNDB-2011-003478, date: 2011-12-21T00:00:00
db: PACKETSTORM, id: 107894, date: 2011-12-15T08:07:24
db: CNNVD, id: CNNVD-201112-231, date: 1900-01-01T00:00:00
db: CNNVD, id: CNNVD-201112-345, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4860, date: 2011-12-17T11:55:12.307