CVE-2011-4860

CWE-287 — Improper Authentication3 documents3 sources

Severity

10.0CRITICAL

EPSS

1.6%

top 18.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Quantum Ethernet Module 140noe77100 Schneider-electric Quantum Ethernet Module 140noe77101 Schneider-electric Quantum Ethernet Module 140noe77111

Timeline

PublishedDec 17

Latest updateMay 17

Description

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDschneider-electric/quantum_ethernet_module_140noe771003.3+1

▶NVDschneider-electric/quantum_ethernet_module_140noe771014.9

▶NVDschneider-electric/quantum_ethernet_module_140noe771115.0

🔴Vulnerability Details

GHSA

GHSA-qp56-x698-cr67: The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the↗2022-05-17

▶

CVEList

CVE-2011-4860: The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the↗2011-12-17

▶