CVE-2019-6560 - OpenCVE

In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Auto-maskin	Dcu 210 Dcu 210 Firmware Marine Pro Observer Rp210e Rp210e Firmware

Configuration 1 [-]

AND

cpe:2.3:o:auto-maskin:rp210e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:auto-maskin:rp210e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:auto-maskin:dcu_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:auto-maskin:dcu_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*

No data.

References

Link	Providers
https://www.us-cert.gov/ics/advisories/icsa-20-051-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-03-23T19:37:33

Updated: 2024-08-04T20:23:21.498Z

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6560

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-03-23T20:15:11.667

Modified: 2020-03-25T16:32:09.863

Link: CVE-2019-6560

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"}]}], "descriptions": [{"lang": "en", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-640", "description": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-23T19:37:33", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)", "version": {"version_data": [{"version_value": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:21.498Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6560", "datePublished": "2020-03-23T19:37:33", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:21.498Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:auto-maskin:rp210e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2261F7F-38D7-4904-8FA5-92059D131B4F", "versionEndIncluding": "3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:auto-maskin:rp210e:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE9B393-2C5D-47E2-9A5E-171DCFE2D565", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:auto-maskin:dcu_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C357686B-0BA6-4991-B7CF-8CBB897C1FBD", "versionEndIncluding": "3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:auto-maskin:dcu_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C8687D1-3A36-464D-BE9E-04198E31C16E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*", "matchCriteriaId": "D9050A5F-13F4-44EC-B1C9-8DB90508AA8D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}, {"lang": "es", "value": "En Auto-Maskin RP210E Versiones 3.7 y anteriores, DCU210E Versiones 3.7 y anteriores y Marine Observer Pro (aplicaci\u00f3n de Android), el software contiene un mecanismo para que los usuarios recuperen o cambien sus contrase\u00f1as sin conocer la contrase\u00f1a original, pero el mecanismo es d\u00e9bil."}], "id": "CVE-2019-6560", "lastModified": "2020-03-25T16:32:09.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-23T20:15:11.667", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-640"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-640"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}