CVE-2020-16231 - OpenCVE

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bachmann	Cpc210 Cpc210 Firmware Cs200 Cs200 Firmware Mc205 Mc205 Firmware Mc206 Mc206 Firmware Mc210 Mc210 Firmware Mc212 Mc212 Firmware Mc220 Mc220 Firmware Me203 Me203 Firmware Mh212 Mh212 Firmware Mh230 Mh230 Firmware Mp213 Mp213 Firmware Mp226 Mp226 Firmware Mpc240 Mpc240 Firmware Mpc265 Mpc265 Firmware Mpc270 Mpc270 Firmware Mpc293 Mpc293 Firmware Mpe270 Mpe270 Firmware Mx207 Mx207 Firmware Mx213 Mx213 Firmware Mx220 Mx220 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:bachmann:mx207_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mx207:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:bachmann:mx213_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mx213:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:bachmann:mx220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mx220:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:bachmann:mc206_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mc206:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:bachmann:mc212_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mc212:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:bachmann:mc220_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mc220:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:bachmann:mh230_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mh230:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:bachmann:mc205_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mc205:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:bachmann:mc210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mc210:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:bachmann:mh212_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mh212:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:bachmann:me203_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:me203:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:bachmann:cs200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:cs200:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:bachmann:mp213_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mp213:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:bachmann:mp226_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mp226:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:bachmann:mpc240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mpc240:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:bachmann:mpc265_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mpc265:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:bachmann:mpc270_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mpc270:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:bachmann:mpc293_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mpc293:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:bachmann:mpe270_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:mpe270:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:bachmann:cpc210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bachmann:cpc210:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsa-21-026-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-05-19T17:21:37

Updated: 2024-08-04T13:37:54.211Z

Reserved: 2020-07-31T00:00:00

Link: CVE-2020-16231

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-19T18:15:08.487

Modified: 2022-06-08T14:47:49.240

Link: CVE-2020-16231

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object