8.4

CVE-2024-45273

MB connect line/Helmholz: Weak encryption of configuration file

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MbconnectlineMbnet.Mini Firmware Version < 2.3.1
   MbconnectlineMbnet.Mini Version-
HelmholzMyrex24 V2 Virtual Server Version < 2.16.3
HelmholzRex 300 Firmware Version <= 5.1.11
   HelmholzRex 300 Version-
HelmholzRex 200 Firmware Version < 8.2.1
   HelmholzRex 200 Version-
HelmholzRex 250 Firmware Version < 8.2.1
   HelmholzRex 250 Version-
HelmholzRex 100 Firmware Version < 2.3.1
   HelmholzRex 100 Version-
MbconnectlineMbconnect24 Version < 2.16.3
MbconnectlineMymbconnect24 Version < 2.16.3
MbconnectlineMbnet Hw1 Firmware Version <= 5.1.11
   MbconnectlineMbnet Hw1 Version-
MbconnectlineMbnet Firmware Version < 8.2.1
   MbconnectlineMbnet Version-
MbconnectlineMbnet.Rokey Firmware Version < 8.2.1
   MbconnectlineMbnet.Rokey Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.007
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
info@cert.vde.com 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-261 Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://cert.vde.com/en/advisories/VDE-2024-056
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-066
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-068
Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2024-069
Third Party Advisory
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt