CVE-2011-4859: The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the ...

Description

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

Metrics

EPSS Probability

4.04%

89.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Schneider-Electric	Quantum Ethernet Module 140cpu65150	<= 3.5
Schneider-Electric	Quantum Ethernet Module 140cpu65160	<= 3.5
Schneider-Electric	Quantum Ethernet Module 140cpu65260	<= 3.5
Schneider-Electric	Quantum Ethernet Module 140noe77100	<= 3.3
Schneider-Electric	Quantum Ethernet Module 140noe77100	<= 3.4
Schneider-Electric	Quantum Ethernet Module 140noe77101	<= 4.9
Schneider-Electric	Quantum Ethernet Module 140noe77111	<= 5.0
Schneider-Electric	Premium Ethernet Module Tsxety4103	<= 5.0
Schneider-Electric	Premium Ethernet Module Tsxety5103	<= 5.0
Schneider-Electric	Premium Ethernet Module Tsxp57163m	<= 4.9
Schneider-Electric	Premium Ethernet Module Tsxp572634m	<= 4.9
Schneider-Electric	Premium Ethernet Module Tsxp573634m	<= 4.9
Schneider-Electric	Premium Ethernet Module Tsxp574634m	<= 3.5
Schneider-Electric	Premium Ethernet Module Tsxp575634m	<= 3.5
Schneider-Electric	Premium Ethernet Module Tsxp576634m	<= 3.5
Schneider-Electric	M340 Ethernet Module Bmxnoe0100	<= 2.3
Schneider-Electric	M340 Ethernet Module Bmxnoe0110	<= 4.65
Schneider-Electric	M340 Ethernet Module Bmxp342020	<= 2.2
Schneider-Electric	M340 Ethernet Module Bmxp342030	<= 2.2
Schneider-Electric	Stb Dio Ethernet Module Stbnic2212	<= 2.10
Schneider-Electric	Stb Dio Ethernet Module Stbnip2212	<= 2.73
Schneider-Electric	Stb Dio Ethernet Module Stbnip2311	<= 3.01

References

Timeline

Published: Dec 17, 2011
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-4859?

The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded passwords for the (1) AUTCSE, (2) AUT_CSE, (3) fdrusers, (4) ftpuser, (5) loader, (6) nic2212, (7) nimrohs2212, (8) nip2212, (9) noe77111_v500, (10) ntpupdate, (11) pcfactory, (12) sysdiag, (13) target, (14) test, (15) USER, and (16) webserver accounts, which makes it easier for remote attackers to obtain access via the (a) TELNET, (b) Windriver Debug, or (c) FTP port.

How severe is CVE-2011-4859?

Severity scoring for CVE-2011-4859 is pending analysis. The EPSS model estimates a 4.04% probability of exploitation in the next 30 days.

How do I fix CVE-2011-4859?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.