Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU54513
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16231
CWE-ID:
CWE-916 - Use of Password Hash With Insufficient Computational Effort
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the target system.
The vulnerability exists due to the affected M-Base Controllers use weak cryptography to protect device passwords. A remote administrator can gain access to the password hashes.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMX207: All versions
MX213: All versions
MX220: All versions
MC206: All versions
MC212: All versions
MC220: All versions
MH230: All versions
MC205: All versions
MC210: All versions
MH212: All versions
ME203: All versions
CS200: All versions
MP213: All versions
MP226: All versions
MPC240: All versions
MPC265: All versions
MPC270: All versions
MPC293: All versions
MPE270: All versions
CPC210: All versions
M-Base Operating System: 1.06.14
External linkshttp://ics-cert.us-cert.gov/advisories/icsa-21-026-01-0
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.