{
  "schema_version": "1.4.0",
  "id": "GHSA-wrpc-6j6r-gh72",
  "modified": "2022-05-17T01:51:36Z",
  "published": "2022-05-17T01:51:36Z",
  "aliases": [
    "CVE-2011-4859"
  ],
  "details": "The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4859"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72587"
    },
    {
      "type": "WEB",
      "url": "http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/47723"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/51605"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-12-020-03.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-018-01.pdf"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-12-17T11:55:00Z"
  }
}