Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Hard-coded Cryptographic Key
Vulnerability Description
Communication to the AMC2 uses a state-of-the-art cryptographic algorithm for symmetric encryption called Blowfish. An attacker could retrieve the key from the firmware to decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device\'s firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Bosch Amc2 信任管理问题漏洞
Vulnerability Description
Bosch Amc2是德国Bosch公司的一个访问模块化控制器。 Bosch AMC2 存在信任管理问题漏洞,该漏洞源于攻击者可以从固件中检索密钥以解密 AMC2 和主机系统之间的网络流量。 因此,攻击者可以利用此漏洞来解密和修改网络流量,解密并进一步调查设备的固件文件,并更改设备配置。
CVSS Information
N/A
Vulnerability Type
N/A