8.4
CVE-2024-45273
- EPSS 0.04%
- Published 15.10.2024 11:15:11
- Last modified 21.11.2024 09:37:35
- Source info@cert.vde.com
- Teams watchlist Login
- Open Login
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Data is provided by the National Vulnerability Database (NVD)
Mbconnectline ≫ Mbnet.Mini Firmware Version < 2.3.1
Helmholz ≫ Myrex24 V2 Virtual Server Version < 2.16.3
Helmholz ≫ Rex 300 Firmware Version <= 5.1.11
Helmholz ≫ Rex 200 Firmware Version < 8.2.1
Helmholz ≫ Rex 250 Firmware Version < 8.2.1
Helmholz ≫ Rex 100 Firmware Version < 2.3.1
Mbconnectline ≫ Mbconnect24 Version < 2.16.3
Mbconnectline ≫ Mymbconnect24 Version < 2.16.3
Mbconnectline ≫ Mbspider Mdh 905 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 915 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 906 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 916 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbnet Hw1 Firmware Version <= 5.1.11
Mbconnectline ≫ Mbnet Firmware Version < 8.2.1
Mbconnectline ≫ Mbnet.Rokey Firmware Version < 8.2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.088 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| info@cert.vde.com | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-261 Weak Encoding for Password
Obscuring a password with a trivial encoding does not protect the password.
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.