CVE-2020-16231

EPSS 0.25%
Veröffentlicht 19.05.2022 18:15:08
Zuletzt bearbeitet 21.11.2024 05:06:59
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bachmann ≫ Mx207 Firmware Version >= 1.06.14

Bachmann ≫ Mx207 Version-

Bachmann ≫ Mx213 Firmware Version >= 1.06.14

Bachmann ≫ Mx213 Version-

Bachmann ≫ Mx220 Firmware Version >= 1.06.14

Bachmann ≫ Mx220 Version-

Bachmann ≫ Mc206 Firmware Version >= 1.06.14

Bachmann ≫ Mc206 Version-

Bachmann ≫ Mc212 Firmware Version >= 1.06.14

Bachmann ≫ Mc212 Version-

Bachmann ≫ Mc220 Firmware Version >= 1.06.14

Bachmann ≫ Mc220 Version-

Bachmann ≫ Mh230 Firmware Version >= 1.06.14

Bachmann ≫ Mh230 Version-

Bachmann ≫ Mc205 Firmware Version >= 1.06.14

Bachmann ≫ Mc205 Version-

Bachmann ≫ Mc210 Firmware Version >= 1.06.14

Bachmann ≫ Mc210 Version-

Bachmann ≫ Mh212 Firmware Version >= 1.06.14

Bachmann ≫ Mh212 Version-

Bachmann ≫ Me203 Firmware Version >= 1.06.14

Bachmann ≫ Me203 Version-

Bachmann ≫ Cs200 Firmware Version >= 1.06.14

Bachmann ≫ Cs200 Version-

Bachmann ≫ Mp213 Firmware Version >= 1.06.14

Bachmann ≫ Mp213 Version-

Bachmann ≫ Mp226 Firmware Version >= 1.06.14

Bachmann ≫ Mp226 Version-

Bachmann ≫ Mpc240 Firmware Version >= 1.06.14

Bachmann ≫ Mpc240 Version-

Bachmann ≫ Mpc265 Firmware Version >= 1.06.14

Bachmann ≫ Mpc265 Version-

Bachmann ≫ Mpc270 Firmware Version >= 1.06.14

Bachmann ≫ Mpc270 Version-

Bachmann ≫ Mpc293 Firmware Version >= 1.06.14

Bachmann ≫ Mpc293 Version-

Bachmann ≫ Mpe270 Firmware Version >= 1.06.14

Bachmann ≫ Mpe270 Version-

Bachmann ≫ Cpc210 Firmware Version >= 1.06.14

Bachmann ≫ Cpc210 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.483

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
ics-cert@hq.dhs.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-916 Use of Password Hash With Insufficient Computational Effort

The product generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that would make password cracking attacks infeasible or expensive.

https://www.cisa.gov/uscert/ics/advisories/icsa-21-026-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-16231

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16231

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16231

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-16231