HIGH · 10.0

CVE-2011-4860

Vulnerability Description

The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.

CVSS Score

Base score: 10.0
Severity: HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor              Product                               Versions
Schneider-Electric  Quantum Ethernet Module 140Noe77100   <= 3.3
Schneider-Electric  Quantum Ethernet Module 140Noe77101   <= 4.9
Schneider-Electric  Quantum Ethernet Module 140Noe77111   <= 5.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2011-4860?

CVE-2011-4860 is a vulnerability with a CVSS score of 10.0 (HIGH). The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing ...

How severe is CVE-2011-4860?

CVE-2011-4860 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2011-4860?

Check the references section above for vendor advisories and patch information. Affected products include: Schneider-Electric Quantum Ethernet Module 140Noe77100, Schneider-Electric Quantum Ethernet Module 140Noe77101, Schneider-Electric Quantum Ethernet Module 140Noe77111.