bachmann mx207_firmware: Use of Password Hash With Insufficient Computational Effort
CVE ID: CVE-2020-16231
Exploitation status: None at present
Patch status: N/A
Disclosure date: 2022-05-20

Vulnerability description
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include the MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controllers include the MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set by default by the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.

Recommended fix
We recommend updating the current system or software to the latest version to remediate the vulnerability.

Reference links
https://www.cisa.gov/uscert/ics/advisories/icsa-21-026-02

Affected software
# 1, running in the following environments:

Type | Vendor | Product | Version | Affected range |
---|---|---|---|---|
System | bachmann | cpc210_firmware | * | From (including) 1.06.14 |
System | bachmann | cs200_firmware | * | From (including) 1.06.14 |
System | bachmann | mc205_firmware | * | From (including) 1.06.14 |
System | bachmann | mc206_firmware | * | From (including) 1.06.14 |
System | bachmann | mc210_firmware | * | From (including) 1.06.14 |
System | bachmann | mc212_firmware | * | From (including) 1.06.14 |
System | bachmann | mc220_firmware | * | From (including) 1.06.14 |
System | bachmann | me203_firmware | * | From (including) 1.06.14 |
System | bachmann | mh212_firmware | * | From (including) 1.06.14 |
System | bachmann | mh230_firmware | * | From (including) 1.06.14 |
System | bachmann | mp213_firmware | * | From (including) 1.06.14 |
System | bachmann | mp226_firmware | * | From (including) 1.06.14 |
System | bachmann | mpc240_firmware | * | From (including) 1.06.14 |
System | bachmann | mpc265_firmware | * | From (including) 1.06.14 |
System | bachmann | mpc270_firmware | * | From (including) 1.06.14 |
System | bachmann | mpc293_firmware | * | From (including) 1.06.14 |
System | bachmann | mpe270_firmware | * | From (including) 1.06.14 |
System | bachmann | mx207_firmware | * | From (including) 1.06.14 |
System | bachmann | mx213_firmware | * | From (including) 1.06.14 |
System | bachmann | mx220_firmware | * | From (including) 1.06.14 |
Hardware | bachmann | cpc210 | - | - |
Hardware | bachmann | cs200 | - | - |
Hardware | bachmann | mc205 | - | - |
Hardware | bachmann | mc206 | - | - |
Hardware | bachmann | mc210 | - | - |
Hardware | bachmann | mc212 | - | - |
Hardware | bachmann | mc220 | - | - |
Hardware | bachmann | me203 | - | - |
Hardware | bachmann | mh212 | - | - |
Hardware | bachmann | mh230 | - | - |
Hardware | bachmann | mp213 | - | - |
Hardware | bachmann | mp226 | - | - |
Hardware | bachmann | mpc240 | - | - |
Hardware | bachmann | mpc265 | - | - |
Hardware | bachmann | mpc270 | - | - |
Hardware | bachmann | mpc293 | - | - |
Hardware | bachmann | mpe270 | - | - |
Hardware | bachmann | mx207 | - | - |
Hardware | bachmann | mx213 | - | - |
Hardware | bachmann | mx220 | - | - |

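- Attack vector: Network
- Attack complexity: Low
- Privileges required: Low
- Scope: Unchanged
- User interaction: None
- Availability: High
- Confidentiality: High
- Integrity: High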

CWE-ID | Vulnerability type |
---|---|
CWE-916 | Use of Password Hash With Insufficient Computational Effort |