Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
All Bachmann M1 System Processor Modules - Use of Password Hash with Insufficient Computational Effort
Vulnerability Description
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
使用具有不充分计算复杂性的口令哈希
Vulnerability Title
Bachmann Electronic All M-Base Controllers 加密问题漏洞
Vulnerability Description
Bachmann Electronic All M-Base Controllers是德国Bachmann公司的一个控制器系统,用于控制网络。 Bachmann Electronic All M-Base Controllers 中存在加密问题漏洞,该漏洞源于未正确使用相关密码算法,导致密码未被正确加密。攻击者可在目标设备使用level 4等级时获得用户密钥信息。
CVSS Information
N/A
Vulnerability Type
N/A