CVE-2019-6560 - Vulnerability Details - OpenCVE

In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00198.

Key SSVC decision points have not yet been added.

Vendors	Products
Auto-maskin	Dcu 210 Dcu 210 Firmware Marine Pro Observer Rp210e Rp210e Firmware

Configuration 1 [-]

AND

cpe:2.3:o:auto-maskin:rp210e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:auto-maskin:rp210e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:auto-maskin:dcu_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:auto-maskin:dcu_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-16119	In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.us-cert.gov/ics/advisories/icsa-20-051-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-03-23T19:37:33

Updated: 2024-08-04T20:23:21.498Z

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6560

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-23T20:15:11.667

Modified: 2024-11-21T04:46:41.797

Link: CVE-2019-6560

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"}]}], "descriptions": [{"lang": "en", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-640", "description": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-23T19:37:33", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)", "version": {"version_data": [{"version_value": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:21.498Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6560", "datePublished": "2020-03-23T19:37:33", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:21.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:auto-maskin:rp210e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2261F7F-38D7-4904-8FA5-92059D131B4F", "versionEndIncluding": "3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:auto-maskin:rp210e:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE9B393-2C5D-47E2-9A5E-171DCFE2D565", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:auto-maskin:dcu_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C357686B-0BA6-4991-B7CF-8CBB897C1FBD", "versionEndIncluding": "3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:auto-maskin:dcu_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C8687D1-3A36-464D-BE9E-04198E31C16E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*", "matchCriteriaId": "D9050A5F-13F4-44EC-B1C9-8DB90508AA8D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}, {"lang": "es", "value": "En Auto-Maskin RP210E Versiones 3.7 y anteriores, DCU210E Versiones 3.7 y anteriores y Marine Observer Pro (aplicaci\u00f3n de Android), el software contiene un mecanismo para que los usuarios recuperen o cambien sus contrase\u00f1as sin conocer la contrase\u00f1a original, pero el mecanismo es d\u00e9bil."}], "id": "CVE-2019-6560", "lastModified": "2024-11-21T04:46:41.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-23T20:15:11.667", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-640"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-640"}], "source": "nvd@nist.gov", "type": "Primary"}]}