Intrusion Prevention

Schneider.Quantum.Module.Backdoor.Access

Description

This indicates detection of backdoor access to a Schneider Electric Quantum Ethernet Module.
The vulnerability is due to a default factory account with a hard-coded password. Remote attackers can use this account to obtain access to the device over FTP.

Affected Products

The following products and versions are affected:
Quantum
140NOE77101 Firmware V4.9 and all previous versions,
140NOE77111 Firmware V5.0 and all previous versions,
140NOE77100 Firmware V3.4 and all previous versions,
140NOE77110 Firmware V3.3 and all previous versions,
140CPU65150 Firmware V3.5 and all previous versions,
140CPU65160 Firmware V3.5 and all previous versions,
140CPU65260 Firmware V3.5 and all previous versions,
140NOC77100 Firmware V1.01 and all previous versions,
140NOC77101 Firmware V1.01 and all previous versions.
Premium
TSXETY4103 Firmware V5.0 and all previous versions,
TSXETY5103 Firmware V5.0 and all previous versions,
TSXP571634M Firmware V4.9 and all previous versions,
TSXP572634M Firmware V4.9 and all previous versions,
TSXP573634M Firmware V4.9 and all previous versions,
TSXP574634M Firmware V3.5 and all previous versions,
TSXP575634M Firmware V3.5 and all previous versions,
TSXP576634M Firmware V3.5 and all previous versions,
TSXETC101 Firmware V1.01 and all previous versions.
M340
BMXNOE0100 Firmware V2.3 and all previous versions,
BMXNOE0110 Firmware V4.65 and all previous versions,
BMXNOC0401 Firmware V1.01 and all previous versions.
STBNIC2212 Firmware V2.10 and all previous versions,
STBNIP2311 Firmware V3.01 and all previous versions,
STBNIP2212 Firmware V2.73 and all previous versions,
BMXP342020 Firmware V2.2 and all previous versions,
BMXP342030 Firmware V2.2 and all previous versions.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Please visit the vendor website for firmware updates to resolve this issue.
http://www.schneider-electric.com/download/ww/en/results/3541958-SoftwareFirmware/

CVE References

CVE-2011-4859