CVE-2020-16231
Published: May 19, 2022
Modified: Apr 16, 2025
CVSS v3.1
7.2
Description
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.
| Vendor | Product | Versions |
|---|---|---|
Bachmann Electronic, GmbH | M1 Hardware Controller MX207 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MX213 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MX220 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MC206 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MC212 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MC220 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MH230 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MC205 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MC210 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MH212 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller ME203 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller CS200 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MP213 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MP226 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MPC240 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MPC265 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MPC270 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MPC293 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller MPE270 | affected MSYS v1.06.14 - < All* |
Bachmann Electronic, GmbH | M1 Hardware Controller CPC210 | affected MSYS v1.06.14 - < All* |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now