Schneider Electric Quantum Ethernet Module Hard-Coded Credentials (CVE-2011-4859)

2022-02-0700:00:00

www.tenable.com

schneider electric

quantum ethernet module

hard-coded credentials

cve-2011-4859

tenable.ot

telnet

windriver debug

ftp

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.041

Percentile

92.3%

JSON

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or © FTP port.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(500250);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/04");

  script_cve_id("CVE-2011-4859");
  script_xref(name:"ICSA", value:"12-018-01");
  script_xref(name:"Secunia", value:"47723");

  script_name(english:"Schneider Electric Quantum Ethernet Module Hard-Coded Credentials (CVE-2011-4859)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium
TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules,
uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7)
nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15)
USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b)
Windriver Debug, or (c) FTP port.   

This plugin only works with Tenable.ot. Please visit
https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf");
  # http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77214159");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/51605");
  script_set_attribute(attribute:"see_also", value:"http://secunia.com/advisories/47723");
  script_set_attribute(attribute:"see_also", value:"http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf");
  script_set_attribute(attribute:"see_also", value:"http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf");
  script_set_attribute(attribute:"see_also", value:"https://exchange.xforce.ibmcloud.com/vulnerabilities/72587");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-4859");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:quantum_ethernet_module_140cpu65150");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:quantum_ethernet_module_140cpu65160");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:quantum_ethernet_module_140cpu65260");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:quantum_ethernet_module_140noe77101");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:quantum_ethernet_module_140noe77111");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:quantum_ethernet_module_140noe77100");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:premium_ethernet_module_tsxp573634m");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:premium_ethernet_module_tsxp574634m");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:premium_ethernet_module_tsxp575634m");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:premium_ethernet_module_tsxp576634m");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:premium_ethernet_module_tsxety4103");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:premium_ethernet_module_tsxety5103");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:premium_ethernet_module_tsxp57163m");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:premium_ethernet_module_tsxp572634m");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:m340_ethernet_module_bmxnoe0110");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:m340_ethernet_module_bmxnoe0100");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:m340_ethernet_module_bmxp342030");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:schneider-electric:m340_ethernet_module_bmxp342020");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Schneider");

  exit(0);
}

include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Schneider');

var asset = tenable_ot::assets::get(vendor:'Schneider');

var vuln_cpes = {
    "cpe:/a:schneider-electric:quantum_ethernet_module_140cpu65150" :
        {"versionEndIncluding" : "3.5", "family" : "QuantumUnity"},
    "cpe:/a:schneider-electric:quantum_ethernet_module_140cpu65160" :
        {"versionEndIncluding" : "3.5", "family" : "QuantumUnity"},
    "cpe:/a:schneider-electric:quantum_ethernet_module_140cpu65260" :
        {"versionEndIncluding" : "3.5", "family" : "QuantumUnity"},
    "cpe:/a:schneider-electric:quantum_ethernet_module_140noe77101" :
        {"versionEndIncluding" : "4.9", "family" : "QuantumUnityCP"},
    "cpe:/a:schneider-electric:quantum_ethernet_module_140noe77111" :
        {"versionEndIncluding" : "5.0", "family" : "QuantumUnityCP"},
    "cpe:/a:schneider-electric:quantum_ethernet_module_140noe77100" :
        {"versionEndIncluding" : "3.3", "family" : "QuantumUnityCP"},
    "cpe:/a:schneider-electric:premium_ethernet_module_tsxp573634m" :
        {"versionEndIncluding" : "4.9", "family" : "Premium"},
    "cpe:/a:schneider-electric:premium_ethernet_module_tsxp574634m" :
        {"versionEndIncluding" : "3.5", "family" : "Premium"},
    "cpe:/a:schneider-electric:premium_ethernet_module_tsxp575634m" :
        {"versionEndIncluding" : "3.5", "family" : "Premium"},
    "cpe:/a:schneider-electric:premium_ethernet_module_tsxp576634m" :
        {"versionEndIncluding" : "3.5", "family" : "Premium"},
    "cpe:/a:schneider-electric:premium_ethernet_module_tsxety4103" :
        {"versionEndIncluding" : "5.0", "family" : "PremiumCP"},
    "cpe:/a:schneider-electric:premium_ethernet_module_tsxety5103" :
        {"versionEndIncluding" : "5.0", "family" : "PremiumCP"},
    "cpe:/a:schneider-electric:premium_ethernet_module_tsxp57163m" :
        {"versionEndIncluding" : "4.9", "family" : "Premium"},
    "cpe:/a:schneider-electric:premium_ethernet_module_tsxp572634m" :
        {"versionEndIncluding" : "4.9", "family" : "Premium"},
    "cpe:/a:schneider-electric:m340_ethernet_module_bmxnoe0110" :
        {"versionEndIncluding" : "4.65", "family" : "ModiconM340M580CP"},
    "cpe:/a:schneider-electric:m340_ethernet_module_bmxnoe0100" :
        {"versionEndIncluding" : "2.3", "family" : "ModiconM340M580CP"},
    "cpe:/a:schneider-electric:m340_ethernet_module_bmxp342030" :
        {"versionEndIncluding" : "2.2", "family" : "ModiconM340"},
    "cpe:/a:schneider-electric:m340_ethernet_module_bmxp342020" :
        {"versionEndIncluding" : "2.2", "family" : "ModiconM340"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);