MidnightBSD

Advisories for grundfos

CVE-2020-10605 MEDIUM

Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,CWE-306,

Products Affected

Vendor Product Version
grundfos cim_500_firmware *
CVE-2020-10609 MEDIUM

Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-256,CWE-522,

Products Affected

Vendor Product Version
grundfos cim_500 06.16.00