CVE-2011-4861

Schneider Electric Quantum Ethernet Module 140NOE771* < 3.3/4.9/5.0 - Unauthenticated Firmware Installation via MODBUS

Title source: llm

Description

The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502.

References (1)

Core 1

Core References

Exploit x_refsource_misc

http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1

Scores

EPSS 0.0140

EPSS Percentile 80.6%

Details

CWE

CWE-264

Status published

Products (3)

schneider-electric/quantum_ethernet_module_140noe77100 < 3.3

schneider-electric/quantum_ethernet_module_140noe77101 < 4.9

schneider-electric/quantum_ethernet_module_140noe77111 < 5.0

Published Dec 17, 2011

Tracked Since Feb 18, 2026