CVE-2011-4861

CWE-2643 documents3 sources

Severity

10.0CRITICAL

EPSS

1.4%

top 19.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Quantum Ethernet Module 140noe77100 Schneider-electric Quantum Ethernet Module 140noe77101 Schneider-electric Quantum Ethernet Module 140noe77111

Timeline

PublishedDec 17

Latest updateMay 17

Description

The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDschneider-electric/quantum_ethernet_module_140noe771003.3+1

▶NVDschneider-electric/quantum_ethernet_module_140noe771014.9

▶NVDschneider-electric/quantum_ethernet_module_140noe771115.0

🔴Vulnerability Details

GHSA

GHSA-qjpg-9j88-997j: The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows rem↗2022-05-17

▶

CVEList

CVE-2011-4861: The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows rem↗2011-12-17

▶