Detections
Analytics
Schneider Electric Quantum 140NOE771 Network Interface Module Fwupgrade Password Weakness
critical Nessus Network Monitor Plugin ID 720235
Synopsis
Schneider Electric Quantum 140NOE771 Network Interface Module allows remote attackers to generates the password for the fwupgrade account by performing a calculation on the MAC address.Description
The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.Solution
Perform vendor recommended mitigations and apply available vendor upgrades.See Also
http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1
Plugin Details
Severity: Critical
ID: 720235
Family: SCADA
Published: 5/8/2019
Updated: 9/30/2019
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Patch Publication Date: 12/17/2011
Vulnerability Publication Date: 12/17/2011
Reference Information
CVE: CVE-2011-4860