Use of Password Hash With Insufficient Computational Effort in Bachmann Electronic M1 System Processor Modules
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2020-16231 |
| CWE-ID | CWE-916 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
MX207 Hardware solutions / Firmware MX213 Hardware solutions / Firmware MX220 Hardware solutions / Firmware MC206 Hardware solutions / Firmware MC212 Hardware solutions / Firmware MC220 Hardware solutions / Firmware MH230 Hardware solutions / Firmware MC205 Hardware solutions / Firmware MC210 Hardware solutions / Firmware MH212 Hardware solutions / Firmware ME203 Hardware solutions / Firmware CS200 Hardware solutions / Firmware MP213 Hardware solutions / Firmware MP226 Hardware solutions / Firmware MPC240 Hardware solutions / Firmware MPC265 Hardware solutions / Firmware MPC270 Hardware solutions / Firmware MPC293 Hardware solutions / Firmware MPE270 Hardware solutions / Firmware CPC210 Hardware solutions / Firmware M-Base Operating System Operating systems & Components / Operating system |
| Vendor | Bachmann electronic GmbH |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use of Password Hash With Insufficient Computational Effort
EUVDB-ID: #VU54513
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-16231
CWE-ID:
CWE-916 - Use of Password Hash With Insufficient Computational Effort
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to the affected M-Base Controllers use weak cryptography to protect device passwords. A remote administrator can gain access to the password hashes.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMX207: All versions
MX213: All versions
MX220: All versions
MC206: All versions
MC212: All versions
MC220: All versions
MH230: All versions
MC205: All versions
MC210: All versions
MH212: All versions
ME203: All versions
CS200: All versions
MP213: All versions
MP226: All versions
MPC240: All versions
MPC265: All versions
MPC270: All versions
MPC293: All versions
MPE270: All versions
CPC210: All versions
M-Base Operating System: 1.06.14
CPE2.3- cpe:2.3:h:bachmann_electronic_gmbh:mx207:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mx213:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mx220:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mc206:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mc212:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mc220:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mh230:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mc205:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mc210:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mh212:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:me203:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:cs200:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mp213:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mp226:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mpc240:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mpc265:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mpc270:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mpc293:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:mpe270:*:*:*:*:*:*:*:*
- cpe:2.3:h:bachmann_electronic_gmbh:cpc210:*:*:*:*:*:*:*:*
- cpe:2.3:o:bachmann_electronic_gmbh:m-base_operating_system:*:*:*:*:*:*:*:*
https://ics-cert.us-cert.gov/advisories/icsa-21-026-01-0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
