Main Vulnerability Database SB2021070207

SB2021070207 - Use of Password Hash With Insufficient Computational Effort in Bachmann Electronic M1 System Processor Modules

Published: July 2, 2021

Security Bulletin ID SB2021070207

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of Password Hash With Insufficient Computational Effort (CVE-ID: CVE-2020-16231)

The vulnerability allows a remote user to compromise the target system.

The vulnerability exists due to the affected M-Base Controllers use weak cryptography to protect device passwords. A remote administrator can gain access to the password hashes.

Remediation

Install update from vendor's website.

References

https://ics-cert.us-cert.gov/advisories/icsa-21-026-01-0

Vulnerable Software

MX207: All versions
MX213: All versions
MX220: All versions
MC206: All versions
MC212: All versions
MC220: All versions
MH230: All versions
MC205: All versions
MC210: All versions
MH212: All versions
ME203: All versions
CS200: All versions
MP213: All versions
MP226: All versions
MPC240: All versions
MPC265: All versions
MPC270: All versions
MPC293: All versions
MPE270: All versions
CPC210: All versions
M-Base Operating System: 1.06.14 and previous versions

SB2021070207 - Use of Password Hash With Insufficient Computational Effort in Bachmann Electronic M1 System Processor Modules

Breakdown by Severity

Description

Remediation

References

Please verify you're human