MidnightBSD

Advisories for bachmann

CVE-2020-16231 MEDIUM

The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
ics-cert@hq.dhs.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-916,CWE-916,

Products Affected

Vendor Product Version
bachmann mc206_firmware *
bachmann cpc210_firmware *
bachmann mc205_firmware *
bachmann mp213_firmware *
bachmann mc220_firmware *
bachmann mp226_firmware *
bachmann mx220_firmware *
bachmann mpc240_firmware *
bachmann mpe270_firmware *
bachmann mc212_firmware *
bachmann me203_firmware *
bachmann mh230_firmware *
bachmann mc210_firmware *
bachmann mh212_firmware *
bachmann mpc270_firmware *
bachmann cs200_firmware *
bachmann mpc265_firmware *
bachmann mpc293_firmware *
bachmann mx207_firmware *
bachmann mx213_firmware *