CVE-2019-6560 - OpenCVE

In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Auto-maskin	Dcu 210 Marine Pro Observer Dcu 210 Firmware Rp210e Firmware Rp210e

Configuration 1 [-]

AND

cpe:2.3:o:auto-maskin:rp210e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:auto-maskin:rp210e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:auto-maskin:dcu_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:auto-maskin:dcu_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*

References

Link	Resource
https://www.us-cert.gov/ics/advisories/icsa-20-051-04	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2020-03-23T19:37:33

Updated: 2020-03-23T19:37:33

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6560

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-23T20:15:11.667

Modified: 2020-03-25T16:32:09.863

Link: CVE-2019-6560

JSON object: View

Redhat Information

No data.

CWE

CWE-640

{"containers": {"cna": {"affected": [{"product": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"}]}], "descriptions": [{"lang": "en", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-640", "description": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-23T19:37:33", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-6560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)", "version": {"version_data": [{"version_value": "Auto-Maskin RP210E Versions 3.7 and prior DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "WEAK PASSWORD RECOVERY MECHANISM FOR FORGOTTEN PASSWORD CWE-640"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-6560", "datePublished": "2020-03-23T19:37:33", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2020-03-23T19:37:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:auto-maskin:rp210e_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2261F7F-38D7-4904-8FA5-92059D131B4F", "versionEndIncluding": "3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:auto-maskin:rp210e:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDE9B393-2C5D-47E2-9A5E-171DCFE2D565", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:auto-maskin:dcu_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C357686B-0BA6-4991-B7CF-8CBB897C1FBD", "versionEndIncluding": "3.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:auto-maskin:dcu_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9C8687D1-3A36-464D-BE9E-04198E31C16E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:auto-maskin:marine_pro_observer:-:*:*:*:*:android:*:*", "matchCriteriaId": "D9050A5F-13F4-44EC-B1C9-8DB90508AA8D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Auto-Maskin RP210E Versions 3.7 and prior, DCU210E Versions 3.7 and prior and Marine Observer Pro (Android App), the software contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak."}, {"lang": "es", "value": "En Auto-Maskin RP210E Versiones 3.7 y anteriores, DCU210E Versiones 3.7 y anteriores y Marine Observer Pro (aplicaci\u00f3n de Android), el software contiene un mecanismo para que los usuarios recuperen o cambien sus contrase\u00f1as sin conocer la contrase\u00f1a original, pero el mecanismo es d\u00e9bil."}], "id": "CVE-2019-6560", "lastModified": "2020-03-25T16:32:09.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-23T20:15:11.667", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-051-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-640"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-640"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}