CVE-2020-16231

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-16231
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-026-02 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:bachmann:mx207_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mx207:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:bachmann:mx213_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mx213:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:bachmann:mx220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mx220:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:bachmann:mc206_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc206:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:bachmann:mc212_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc212:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:bachmann:mc220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc220:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:bachmann:mh230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mh230:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:bachmann:mc205_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc205:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:bachmann:mc210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc210:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:bachmann:mh212_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mh212:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:bachmann:me203_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:me203:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:bachmann:cs200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:cs200:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:bachmann:mp213_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mp213:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:bachmann:mp226_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mp226:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:bachmann:mpc240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpc240:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:bachmann:mpc265_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpc265:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:bachmann:mpc270_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpc270:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:bachmann:mpc293_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpc293:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:bachmann:mpe270_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpe270:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:bachmann:cpc210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:cpc210:-:*:*:*:*:*:*:*
History

08 Jun 2022, 14:47

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : 6.5
v3 : 8.8
References (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-026-02 - (MISC) https://www.cisa.gov/uscert/ics/advisories/icsa-21-026-02 - Third Party Advisory, US Government Resource
CPE cpe:2.3:h:bachmann:mx213:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mx220:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mh212_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mx213_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpc293:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mc220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mx220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mp226:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpe270:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:me203:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpc270:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:cs200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc210:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mc212_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:cpc210:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc205:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mh230:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mh212:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mp213:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mp213_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mpc265_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mx207:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mc210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mpc293_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mpc240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc206:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:me203_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:cs200:-:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpc265:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mpc270_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mx207_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc220:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mp226_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mpe270_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mc205_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mc212:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mh230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:bachmann:mpc240:-:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:cpc210_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:bachmann:mc206_firmware:*:*:*:*:*:*:*:*
First Time Bachmann me203
Bachmann mx220
Bachmann mx207 Firmware
Bachmann cpc210
Bachmann mh212
Bachmann mc210
Bachmann mc220 Firmware
Bachmann mc210 Firmware
Bachmann mp213 Firmware
Bachmann mpc240
Bachmann mp226
Bachmann
Bachmann mc206 Firmware
Bachmann mpe270
Bachmann cs200 Firmware
Bachmann mh230
Bachmann mpc240 Firmware
Bachmann me203 Firmware
Bachmann mp226 Firmware
Bachmann mpc270 Firmware
Bachmann cpc210 Firmware
Bachmann mh212 Firmware
Bachmann mc206
Bachmann mx213
Bachmann mpc265 Firmware
Bachmann mpc270
Bachmann mc212 Firmware
Bachmann mpc265
Bachmann mx207
Bachmann mc205 Firmware
Bachmann mc220
Bachmann mpc293
Bachmann cs200
Bachmann mp213
Bachmann mx213 Firmware
Bachmann mpe270 Firmware
Bachmann mh230 Firmware
Bachmann mx220 Firmware
Bachmann mpc293 Firmware
Bachmann mc212
Bachmann mc205

19 May 2022, 18:32

Type Values Removed Values Added
New CVE
Information

Published : 2022-05-19 18:15

Updated : 2023-12-10 14:22

NVD link : CVE-2020-16231

Mitre link : CVE-2020-16231

CVE.ORG link : CVE-2020-16231

JSON object : View

Products Affected

bachmann

  • mh230
  • mpe270_firmware
  • cpc210_firmware
  • mc220
  • mx213
  • mc206_firmware
  • mp226
  • mpc270
  • me203
  • mx207_firmware
  • mh230_firmware
  • mp226_firmware
  • mc206
  • mpe270
  • cs200
  • mx220_firmware
  • mx207
  • me203_firmware
  • mpc240_firmware
  • mp213_firmware
  • cs200_firmware
  • mpc293
  • mx220
  • mx213_firmware
  • mc212
  • mc205
  • mpc265_firmware
  • cpc210
  • mh212_firmware
  • mp213
  • mc220_firmware
  • mpc265
  • mc212_firmware
  • mc210_firmware
  • mpc240
  • mpc270_firmware
  • mc210
  • mpc293_firmware
  • mh212
  • mc205_firmware
CWE
CWE-916

Use of Password Hash With Insufficient Computational Effort