The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.
More Stories
xen-4.17.5-2.fc39
FEDORA-2024-020dbf247c Packages in this update: xen-4.17.5-2.fc39 Update description: x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817] update to xen-4.17.5 Read More
xen-4.18.3-2.fc40
FEDORA-2024-051cf1553e Packages in this update: xen-4.18.3-2.fc40 Update description: x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817] Read More
xen-4.19.0-4.fc41
FEDORA-2024-60809cb44e Packages in this update: xen-4.19.0-4.fc41 Update description: x86: Deadlock in vlapic_error() [XSA-462, CVE-2024-45817] Read More
USN-7031-2: Puma vulnerability
USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu...
USN-7031-1: Puma vulnerability
It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite...
USN-7030-1: py7zr vulnerability
It was discovered that py7zr was vulnerable to path traversal attacks. If a user or automated system were tricked into...