Versio.io

CVE-2020-16231

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 19-05-2022 08:15
Last modified: - 08-06-2022 04:47
Total changes: - 2

Description

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
AND
OR
vendor=bachmann AND product=mx207_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mx207 AND version=-
AND
OR
vendor=bachmann AND product=mx213_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mx213 AND version=-
AND
OR
vendor=bachmann AND product=mx220_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mx220 AND version=-
AND
OR
vendor=bachmann AND product=mc206_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mc206 AND version=-
AND
OR
vendor=bachmann AND product=mc212_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mc212 AND version=-
AND
OR
vendor=bachmann AND product=mc220_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mc220 AND version=-
AND
OR
vendor=bachmann AND product=mh230_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mh230 AND version=-
AND
OR
vendor=bachmann AND product=mc205_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mc205 AND version=-
AND
OR
vendor=bachmann AND product=mc210_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mc210 AND version=-
AND
OR
vendor=bachmann AND product=mh212_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mh212 AND version=-
AND
OR
vendor=bachmann AND product=me203_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=me203 AND version=-
AND
OR
vendor=bachmann AND product=cs200_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=cs200 AND version=-
AND
OR
vendor=bachmann AND product=mp213_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mp213 AND version=-
AND
OR
vendor=bachmann AND product=mp226_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mp226 AND version=-
AND
OR
vendor=bachmann AND product=mpc240_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mpc240 AND version=-
AND
OR
vendor=bachmann AND product=mpc265_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mpc265 AND version=-
AND
OR
vendor=bachmann AND product=mpc270_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mpc270 AND version=-
AND
OR
vendor=bachmann AND product=mpc293_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mpc293 AND version=-
AND
OR
vendor=bachmann AND product=mpe270_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=mpe270 AND version=-
AND
OR
vendor=bachmann AND product=cpc210_firmware AND versionStartIncluding=1.06.14
OR
vendor=bachmann AND product=cpc210 AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2020-16231

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.