VAR-202007-0032
Vulnerability from variot - Updated: 2023-12-18 12:17Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. Grundfos Provided by the company CIM 500 Is Grundfos This is an expansion module that enables data communication using Ethernet in the equipment manufactured by the manufacturer. CIM 500 The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2020-10605 * Plaintext storage of authentication information (CWE-256) - CVE-2020-10609The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party accesses the file containing the password - CVE-2020-10605 * Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings. - CVE-2020-10609. Grundfos CIM 500 is an Ethernet module of Danish Grundfos company.
There was a security vulnerability in Grundfos CIM 500 v06.16.00 before version, which was caused by the program storing credentials in clear text. Attackers can use this vulnerability to read sensitive information or modify system configuration
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202007-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cim 500",
"scope": "eq",
"trust": 1.0,
"vendor": "grundfos",
"version": "06.16.00"
},
{
"model": "cim 500",
"scope": "eq",
"trust": 0.8,
"vendor": "grundfos",
"version": "v06.16.00"
},
{
"model": "cim",
"scope": "eq",
"trust": 0.6,
"vendor": "grundfos",
"version": "500\u003c06.16.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:grundfos:cim_500:06.16.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marcin Dudek from CERT.PL",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
],
"trust": 0.6
},
"cve": "CVE-2020-10609",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-38412",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006476",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006476",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-006476",
"trust": 1.6,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2020-10609",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-38412",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-355",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. Grundfos Provided by the company CIM 500 Is Grundfos This is an expansion module that enables data communication using Ethernet in the equipment manufactured by the manufacturer. CIM 500 The following multiple vulnerabilities exist in. * Lack of authentication for important features (CWE-306) - CVE-2020-10605 * Plaintext storage of authentication information (CWE-256) - CVE-2020-10609The expected impact depends on each vulnerability, but it may be affected as follows. * A remote third party accesses the file containing the password - CVE-2020-10605 * Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings. - CVE-2020-10609. Grundfos CIM 500 is an Ethernet module of Danish Grundfos company. \n\r\n\r\nThere was a security vulnerability in Grundfos CIM 500 v06.16.00 before version, which was caused by the program storing credentials in clear text. Attackers can use this vulnerability to read sensitive information or modify system configuration",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-10609"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNVD",
"id": "CNVD-2020-38412"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-10609",
"trust": 3.0
},
{
"db": "ICS CERT",
"id": "ICSA-20-189-01",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU91070438",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-38412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2311",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47976",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
]
},
"id": "VAR-202007-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
}
]
},
"last_update_date": "2023-12-18T12:17:00.020000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CIM 500",
"trust": 0.8,
"url": "https://product-selection.grundfos.com/sg/products/service-partkit/cim-500-98765358"
},
{
"title": "Patch for Grundfos CIM 500 Unprotected Credential Storage Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/225333"
},
{
"title": "Grundfos CIM 500 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=123257"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-306",
"trust": 0.8
},
{
"problemtype": "CWE-256",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-189-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10605"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10609"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91070438/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47976"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2311/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10609"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"db": "NVD",
"id": "CVE-2020-10609"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"date": "2020-07-27T19:15:13.637000",
"db": "NVD",
"id": "CVE-2020-10609"
},
{
"date": "2020-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-38412"
},
{
"date": "2020-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006476"
},
{
"date": "2020-07-30T18:37:38.813000",
"db": "NVD",
"id": "CVE-2020-10609"
},
{
"date": "2020-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Grundfos Made CIM 500 Multiple vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006476"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-355"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…