8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
60.0%
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.
CPE | Name | Operator | Version |
---|---|---|---|
bachmann:mx207_firmware | bachmann mx207 firmware | eq | * |
[
{
"product": "M1 Hardware Controller MX207",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MX213",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MX220",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MC206",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MC212",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MC220",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MH230",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MC205",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MC210",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MH212",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller ME203",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller CS200",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MP213",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MP226",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MPC240",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MPC265",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MPC270",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MPC293",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller MPE270",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
},
{
"product": "M1 Hardware Controller CPC210",
"vendor": "Bachmann Electronic, GmbH",
"versions": [
{
"lessThan": "All*",
"status": "affected",
"version": "MSYS v1.06.14",
"versionType": "custom"
}
]
}
]
More
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
60.0%