8.4
CVE-2024-45273
- EPSS 0.09%
- Veröffentlicht 15.10.2024 11:15:11
- Zuletzt bearbeitet 21.11.2024 09:37:35
- Quelle info@cert.vde.com
- CVE-Watchlists
- Unerledigt
MB connect line/Helmholz: Weak encryption of configuration file
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mbconnectline ≫ Mbnet.Mini Firmware Version < 2.3.1
Helmholz ≫ Myrex24 V2 Virtual Server Version < 2.16.3
Helmholz ≫ Rex 300 Firmware Version <= 5.1.11
Helmholz ≫ Rex 200 Firmware Version < 8.2.1
Helmholz ≫ Rex 250 Firmware Version < 8.2.1
Helmholz ≫ Rex 100 Firmware Version < 2.3.1
Mbconnectline ≫ Mbconnect24 Version < 2.16.3
Mbconnectline ≫ Mymbconnect24 Version < 2.16.3
Mbconnectline ≫ Mbspider Mdh 905 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 915 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 906 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbspider Mdh 916 Firmware Version <= 2.6.5
Mbconnectline ≫ Mbnet Hw1 Firmware Version <= 5.1.11
Mbconnectline ≫ Mbnet Firmware Version < 8.2.1
Mbconnectline ≫ Mbnet.Rokey Firmware Version < 8.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.007 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| info@cert.vde.com | 8.4 | 2.5 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-261 Weak Encoding for Password
Obscuring a password with a trivial encoding does not protect the password.
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
https://cert.vde.com/en/advisories/VDE-2024-056
https://cert.vde.com/en/advisories/VDE-2024-066
https://cert.vde.com/en/advisories/VDE-2024-068
https://cert.vde.com/en/advisories/VDE-2024-069
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt