Lucene search

K
cve[email protected]CVE-2020-16231
HistoryMay 19, 2022 - 6:15 p.m.

CVE-2020-16231

2022-05-1918:15:08
CWE-916
web.nvd.nist.gov
32
11
cve-2020-16231
bachmann electronic
m-base controllers
weak cryptography
device passwords
remote access
security vulnerability
cve

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.0%

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.

Affected configurations

NVD
Node
bachmannmx207_firmwareRange1.06.14
AND
bachmannmx207Match-
Node
bachmannmx213_firmwareRange1.06.14
AND
bachmannmx213Match-
Node
bachmannmx220_firmwareRange1.06.14
AND
bachmannmx220Match-
Node
bachmannmc206_firmwareRange1.06.14
AND
bachmannmc206Match-
Node
bachmannmc212_firmwareRange1.06.14
AND
bachmannmc212Match-
Node
bachmannmc220_firmwareRange1.06.14
AND
bachmannmc220Match-
Node
bachmannmh230_firmwareRange1.06.14
AND
bachmannmh230Match-
Node
bachmannmc205_firmwareRange1.06.14
AND
bachmannmc205Match-
Node
bachmannmc210_firmwareRange1.06.14
AND
bachmannmc210Match-
Node
bachmannmh212_firmwareRange1.06.14
AND
bachmannmh212Match-
Node
bachmannme203_firmwareRange1.06.14
AND
bachmannme203Match-
Node
bachmanncs200_firmwareRange1.06.14
AND
bachmanncs200Match-
Node
bachmannmp213_firmwareRange1.06.14
AND
bachmannmp213Match-
Node
bachmannmp226_firmwareRange1.06.14
AND
bachmannmp226Match-
Node
bachmannmpc240_firmwareRange1.06.14
AND
bachmannmpc240Match-
Node
bachmannmpc265_firmwareRange1.06.14
AND
bachmannmpc265Match-
Node
bachmannmpc270_firmwareRange1.06.14
AND
bachmannmpc270Match-
Node
bachmannmpc293_firmwareRange1.06.14
AND
bachmannmpc293Match-
Node
bachmannmpe270_firmwareRange1.06.14
AND
bachmannmpe270Match-
Node
bachmanncpc210_firmwareRange1.06.14
AND
bachmanncpc210Match-

CNA Affected

[
  {
    "product": "M1 Hardware Controller MX207",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MX213",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MX220",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MC206",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MC212",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MC220",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MH230",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MC205",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MC210",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MH212",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller ME203",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller CS200",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MP213",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MP226",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MPC240",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MPC265",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MPC270",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MPC293",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller MPE270",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "M1 Hardware Controller CPC210",
    "vendor": "Bachmann Electronic, GmbH",
    "versions": [
      {
        "lessThan": "All*",
        "status": "affected",
        "version": "MSYS v1.06.14",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

60.0%

Related for CVE-2020-16231