Search criteria
6 vulnerabilities found for CIM 500 by Grundfos
VAR-202007-0029
Vulnerability from variot - Updated: 2024-11-23 23:04Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. Grundfos Provided by the company CIM 500 Is Grundfos This is an expansion module that enables data communication using Ethernet in the equipment manufactured by the manufacturer. CIM 500 The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2020-10605 * Plaintext storage of authentication information (CWE-256) - CVE-2020-10609The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party accesses the file containing the password - CVE-2020-10605 * Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings. - CVE-2020-10609. Grundfos CIM 500 is an Ethernet module of Danish Grundfos company.
There is an access control error vulnerability in versions prior to Grundfos CIM 500 v06.16.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cim 500",
"scope": "lt",
"trust": 1.0,
"vendor": "grundfos",
"version": "06.16.00"
},
{
"model": "cim 500",
"scope": "eq",
"trust": 0.8,
"vendor": "grundfos",
"version": "v06.16.00"
},
{
"model": "cim",
"scope": "eq",
"trust": 0.6,
"vendor": "grundfos",
"version": "500\u003c06.16.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:misc:grundfos_cim",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcin Dudek from CERT.PL",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10605",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10605",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38413",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10605",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006476",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006476",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-006476",
"trust": 1.6,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10605",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38413",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-357",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. Grundfos Provided by the company CIM 500 Is Grundfos This is an expansion module that enables data communication using Ethernet in the equipment manufactured by the manufacturer. CIM 500 The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2020-10605 * Plaintext storage of authentication information (CWE-256) - CVE-2020-10609The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party accesses the file containing the password - CVE-2020-10605 * Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings. - CVE-2020-10609. Grundfos CIM 500 is an Ethernet module of Danish Grundfos company. \n\r\n\r\nThere is an access control error vulnerability in versions prior to Grundfos CIM 500 v06.16.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10605"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNVD",
"id": "CNVD-2020-38413"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10605",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91070438",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-38413",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2311",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"id": "VAR-202007-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
}
]
},
"last_update_date": "2024-11-23T23:04:18.649000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CIM 500",
"trust": 0.8,
"url": "https://product-selection.grundfos.com/sg/products/service-partkit/cim-500-98765358"
},
{
"title": "Patch for Grundfos CIM 500 access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/225331"
},
{
"title": "Grundfos CIM 500 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123259"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
},
{
"problemtype": "CWE-256",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10605"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10609"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91070438/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10605"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2311/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-357"
},
{
"date": "2020-07-17T22:15:11.103000",
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"date": "2020-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-357"
},
{
"date": "2024-11-21T04:55:41.110000",
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grundfos CIM 500 access control error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
],
"trust": 0.6
}
}
VAR-202007-0032
Vulnerability from variot - Updated: 2024-11-23 23:04Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. Grundfos Provided by the company CIM 500 Is Grundfos This is an expansion module that enables data communication using Ethernet in the equipment manufactured by the manufacturer. CIM 500 The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2020-10605 * Plaintext storage of authentication information (CWE-256) - CVE-2020-10609The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party accesses the file containing the password - CVE-2020-10605 * Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings. - CVE-2020-10609. Grundfos CIM 500 is an Ethernet module of Danish Grundfos company.
There was a security vulnerability in Grundfos CIM 500 v06.16.00 before version, which was caused by the program storing credentials in clear text. Attackers can use this vulnerability to read sensitive information or modify system configuration
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cim 500",
"scope": "eq",
"trust": 1.0,
"vendor": "grundfos",
"version": "06.16.00"
},
{
"model": "cim 500",
"scope": "eq",
"trust": 0.8,
"vendor": "grundfos",
"version": "v06.16.00"
},
{
"model": "cim",
"scope": "eq",
"trust": 0.6,
"vendor": "grundfos",
"version": "500\u003c06.16.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:misc:grundfos_cim",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcin Dudek from CERT.PL",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10609",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-10609",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38412",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2020-10609",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006476",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006476",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-006476",
"trust": 1.6,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-10609",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38412",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-355",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. Grundfos Provided by the company CIM 500 Is Grundfos This is an expansion module that enables data communication using Ethernet in the equipment manufactured by the manufacturer. CIM 500 The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2020-10605 * Plaintext storage of authentication information (CWE-256) - CVE-2020-10609The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party accesses the file containing the password - CVE-2020-10605 * Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings. - CVE-2020-10609. Grundfos CIM 500 is an Ethernet module of Danish Grundfos company. \n\r\n\r\nThere was a security vulnerability in Grundfos CIM 500 v06.16.00 before version, which was caused by the program storing credentials in clear text. Attackers can use this vulnerability to read sensitive information or modify system configuration",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10609"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNVD",
"id": "CNVD-2020-38412"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10609",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91070438",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-38412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2311",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47976",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"id": "VAR-202007-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
}
]
},
"last_update_date": "2024-11-23T23:04:18.619000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CIM 500",
"trust": 0.8,
"url": "https://product-selection.grundfos.com/sg/products/service-partkit/cim-500-98765358"
},
{
"title": "Patch for Grundfos CIM 500 Unprotected Credential Storage Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/225333"
},
{
"title": "Grundfos CIM 500 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=123257"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-256",
"trust": 1.8
},
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-306",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10605"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10609"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91070438/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47976"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2311/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10609"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-355"
},
{
"date": "2020-07-27T19:15:13.637000",
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"date": "2020-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-355"
},
{
"date": "2024-11-21T04:55:41.577000",
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grundfos Made CIM 500 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
],
"trust": 0.6
}
}
CVE-2020-10609 (GCVE-0-2020-10609)
Vulnerability from nvd – Published: 2020-07-27 18:57 – Updated: 2024-09-17 00:02
VLAI?
Summary
Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.
Severity ?
No CVSS data available.
CWE
- CWE-256 - UNPROTECTED STORAGE OF CREDENTIALS CWE-256
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CIM 500",
"vendor": "Grundfos",
"versions": [
{
"lessThan": "v06.16.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T18:57:42",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-07T15:00:00.000Z",
"ID": "CVE-2020-10609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CIM 500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v06.16.00"
}
]
}
}
]
},
"vendor_name": "Grundfos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10609",
"datePublished": "2020-07-27T18:57:42.479035Z",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-09-17T00:02:05.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10605 (GCVE-0-2020-10605)
Vulnerability from nvd – Published: 2020-07-17 21:55 – Updated: 2024-09-17 02:51
VLAI?
Summary
Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files.
Severity ?
No CVSS data available.
CWE
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CIM 500",
"vendor": "Grundfos",
"versions": [
{
"status": "affected",
"version": "before v06.16.00"
}
]
}
],
"datePublic": "2020-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T21:55:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-07T15:00:00.000Z",
"ID": "CVE-2020-10605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CIM 500",
"version": {
"version_data": [
{
"version_value": "before v06.16.00"
}
]
}
}
]
},
"vendor_name": "Grundfos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10605",
"datePublished": "2020-07-17T21:55:36.534259Z",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-09-17T02:51:29.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10609 (GCVE-0-2020-10609)
Vulnerability from cvelistv5 – Published: 2020-07-27 18:57 – Updated: 2024-09-17 00:02
VLAI?
Summary
Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.
Severity ?
No CVSS data available.
CWE
- CWE-256 - UNPROTECTED STORAGE OF CREDENTIALS CWE-256
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:10.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CIM 500",
"vendor": "Grundfos",
"versions": [
{
"lessThan": "v06.16.00",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-27T18:57:42",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-07T15:00:00.000Z",
"ID": "CVE-2020-10609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CIM 500",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v06.16.00"
}
]
}
}
]
},
"vendor_name": "Grundfos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10609",
"datePublished": "2020-07-27T18:57:42.479035Z",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-09-17T00:02:05.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10605 (GCVE-0-2020-10605)
Vulnerability from cvelistv5 – Published: 2020-07-17 21:55 – Updated: 2024-09-17 02:51
VLAI?
Summary
Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files.
Severity ?
No CVSS data available.
CWE
- CWE-306 - MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:09.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CIM 500",
"vendor": "Grundfos",
"versions": [
{
"status": "affected",
"version": "before v06.16.00"
}
]
}
],
"datePublic": "2020-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T21:55:36",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2020-07-07T15:00:00.000Z",
"ID": "CVE-2020-10605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CIM 500",
"version": {
"version_data": [
{
"version_value": "before v06.16.00"
}
]
}
}
]
},
"vendor_name": "Grundfos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01",
"refsource": "CONFIRM",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-10605",
"datePublished": "2020-07-17T21:55:36.534259Z",
"dateReserved": "2020-03-16T00:00:00",
"dateUpdated": "2024-09-17T02:51:29.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}