VAR-202007-0029
Vulnerability from variot - Updated: 2023-12-18 12:17Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. Grundfos Provided by the company CIM 500 Is Grundfos This is an expansion module that enables data communication using Ethernet in the equipment manufactured by the manufacturer. CIM 500 The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2020-10605 * Plaintext storage of authentication information (CWE-256) - CVE-2020-10609The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party accesses the file containing the password - CVE-2020-10605 * Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings. - CVE-2020-10609. Grundfos CIM 500 is an Ethernet module of Danish Grundfos company.
There is an access control error vulnerability in versions prior to Grundfos CIM 500 v06.16.00
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0029",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cim 500",
"scope": "lt",
"trust": 1.0,
"vendor": "grundfos",
"version": "06.16.00"
},
{
"model": "cim 500",
"scope": "eq",
"trust": 0.8,
"vendor": "grundfos",
"version": "v06.16.00"
},
{
"model": "cim",
"scope": "eq",
"trust": 0.6,
"vendor": "grundfos",
"version": "500\u003c06.16.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:grundfos:cim_500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "06.16.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:grundfos:cim_500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcin Dudek from CERT.PL",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10605",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38413",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006476",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006476",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-006476",
"trust": 1.6,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2020-10605",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38413",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-357",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. Grundfos Provided by the company CIM 500 Is Grundfos This is an expansion module that enables data communication using Ethernet in the equipment manufactured by the manufacturer. CIM 500 The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2020-10605 * Plaintext storage of authentication information (CWE-256) - CVE-2020-10609The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party accesses the file containing the password - CVE-2020-10605 * Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings. - CVE-2020-10609. Grundfos CIM 500 is an Ethernet module of Danish Grundfos company. \n\r\n\r\nThere is an access control error vulnerability in versions prior to Grundfos CIM 500 v06.16.00",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10605"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNVD",
"id": "CNVD-2020-38413"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10605",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91070438",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-38413",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2311",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
]
},
"id": "VAR-202007-0029",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
}
]
},
"last_update_date": "2023-12-18T12:17:00.045000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CIM 500",
"trust": 0.8,
"url": "https://product-selection.grundfos.com/sg/products/service-partkit/cim-500-98765358"
},
{
"title": "Patch for Grundfos CIM 500 access control error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/225331"
},
{
"title": "Grundfos CIM 500 Fixes for access control error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=123259"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
},
{
"problemtype": "CWE-256",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10605"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10609"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91070438/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10605"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2311/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10605"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"date": "2020-07-17T22:15:11.103000",
"db": "NVD",
"id": "CVE-2020-10605"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"date": "2020-07-23T18:29:33.537000",
"db": "NVD",
"id": "CVE-2020-10605"
},
{
"date": "2020-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grundfos CIM 500 access control error vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38413"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-357"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…