Schneider Electric Quantum Ethernet Module Multiple Vulnerabilities
December 12, 2011
Security researcher Ruben Santamarta publicly announced
details of multiple vulnerabilities affecting the Schneider
Electric Quantum PLC Ethernet Module, and coordinated his
findings with ICS-CERT. The Quantum Ethernet Module is prone
to an authentication-bypass vulnerability.
Attackers can exploit this issue to gain access to the
Telnet port service, Windriver Debug port service, and FTP
service.
Attackers can exploit this vulnerability to execute
arbitrary code within the context of the vulnerable device.
Schneider has produced a fix for two of the reported
vulnerabilities (as of December 12) and is continuing to
develop additional mitigations.
Affected products include:
Quantum
- 140NOE77101 Firmware Version 4.9 and all previous versions
- 140NOE77111 Firmware Version 5.0 and all previous versions
- 140NOE77100 Firmware Version V3.4 and all previous versions
- 140NOE77110 Firmware Version V3.3 and all previous versions
- 140CPU65150 Firmware Version V3.5 and all previous versions
- 140CPU65160 Firmware Version V3.5 and all previous versions
- 140CPU65260 Firmware Version V3.5 and all previous versions
Premium
- TSXETY4103 Firmware Version V5.0 and all previous versions
- TSXETY5103 Firmware Version V5.0 and all previous versions
- TSXP571634M Firmware Version V4.9 and all previous versions
- TSXP572634M Firmware Version V4.9 and all previous versions
- TSXP573634M Firmware Version V4.9 and all previous versions
- TSXP574634M Firmware Version V3.5 and all previous versions
- TSXP575634M Firmware Version V3.5 and all previous versions
- TSXP576634M Firmware Version V3.5 and all previous versions
M340
- BMXNOE0100 Firmware Version V2.3 and all previous versions
- BMXNOE0110 Firmware Version V4.65 and all previous versions
- BMXP342020 Firmware Version V2.2 and all previous versions
- BMXP342030 Firmware Version V2.2 and all previous versions
STB DIO
- STBNIC2212 Firmware Version V2.10 and all previous versions
- STBNIP2311 Firmware Version V3.01 and all previous versions
- STBNIP2212 Firmware Version V2.73 and all previous versions