CVE-2024-45273

EPSS 0.04%
Veröffentlicht 15.10.2024 11:15:11
Zuletzt bearbeitet 21.11.2024 09:37:35
Quelle info@cert.vde.com
Teams Watchlist Login
Unerledigt Login

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mbconnectline ≫ Mbnet.Mini Firmware Version < 2.3.1

Mbconnectline ≫ Mbnet.Mini Version-

Helmholz ≫ Myrex24 V2 Virtual Server Version < 2.16.3

Helmholz ≫ Rex 300 Firmware Version <= 5.1.11

Helmholz ≫ Rex 300 Version-

Helmholz ≫ Rex 200 Firmware Version < 8.2.1

Helmholz ≫ Rex 200 Version-

Helmholz ≫ Rex 250 Firmware Version < 8.2.1

Helmholz ≫ Rex 250 Version-

Helmholz ≫ Rex 100 Firmware Version < 2.3.1

Helmholz ≫ Rex 100 Version-

Mbconnectline ≫ Mbconnect24 Version < 2.16.3

Mbconnectline ≫ Mymbconnect24 Version < 2.16.3

Mbconnectline ≫ Mbspider Mdh 905 Firmware Version <= 2.6.5

Mbconnectline ≫ Mbspider Mdh 905 Version-

Mbconnectline ≫ Mbspider Mdh 915 Firmware Version <= 2.6.5

Mbconnectline ≫ Mbspider Mdh 915 Version-

Mbconnectline ≫ Mbspider Mdh 906 Firmware Version <= 2.6.5

Mbconnectline ≫ Mbspider Mdh 906 Version-

Mbconnectline ≫ Mbspider Mdh 916 Firmware Version <= 2.6.5

Mbconnectline ≫ Mbspider Mdh 916 Version-

Mbconnectline ≫ Mbnet Hw1 Firmware Version <= 5.1.11

Mbconnectline ≫ Mbnet Hw1 Version-

Mbconnectline ≫ Mbnet Firmware Version < 8.2.1

Mbconnectline ≫ Mbnet Version-

Mbconnectline ≫ Mbnet.Rokey Firmware Version < 8.2.1

Mbconnectline ≫ Mbnet.Rokey Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.088

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
info@cert.vde.com	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-261 Weak Encoding for Password

Obscuring a password with a trivial encoding does not protect the password.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://cert.vde.com/en/advisories/VDE-2024-056

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-066

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-068

Third Party Advisory

https://cert.vde.com/en/advisories/VDE-2024-069

Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt

https://nvd.nist.gov/vuln/detail/CVE-2024-45273

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45273

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45273

EUVD