PT-2020-12237 · Grundfos · Grundfos Cim 500

Published

2020-07-27

Updated

2020-07-30

CVE-2020-10609

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Grundfos CIM 500 version 06.16.00

Description The issue concerns the storage of plaintext credentials in the device, which could allow unauthorized access to sensitive information or modification of system settings by someone with access to the device.

Recommendations For Grundfos CIM 500 version 06.16.00, consider restricting access to the device to minimize the risk of exploitation, and avoid using the device until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-256CWE-522

Related Identifiers

CVE-2020-10609

Affected Products

Grundfos Cim 500

PT-2020-12237 · Grundfos · Grundfos Cim 500

CVE-2020-10609

Weakness Enumeration

Related Identifiers

Affected Products

References · 4