OpenCVE

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Helmholz	Myrex24.virtual Myrex24 V2 Myrex24 V2 Virtual Server Rex 200 Rex 200 Firmware Rex 250 Rex 250 Firmware Rex 300 Rex 300 Firmware
Mbconnectline	Mbconnect24 Mbnet Mbnet.rokey Mbnet.rokey Firmware Mbnet Firmware Mbnet Hw1 Mbnet Hw1 Firmware Mbspider Mdh 905 Mbspider Mdh 905 Firmware Mbspider Mdh 906 Mbspider Mdh 906 Firmware Mbspider Mdh 915 Mbspider Mdh 915 Firmware Mbspider Mdh 916 Mbspider Mdh 916 Firmware Mymbconnect24

Configuration 1 [-]

cpe:2.3:a:helmholz:myrex24_v2_virtual_server:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:helmholz:rex_300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_300:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:mbconnectline:mbconnect24::::::::
	cpe:2.3:a:mbconnectline:mymbconnect24::::::::

Configuration 6 [-]

AND

cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbnet_hw1:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:mbconnectline:mbnet_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbnet:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:mbconnectline:mbnet.rokey:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2024-068
https://cert.vde.com/en/advisories/VDE-2024-069
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt

Thu, 17 Oct 2024 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Helmholz myrex24 V2 Virtual Server Helmholz rex 200 Helmholz rex 200 Firmware Helmholz rex 250 Helmholz rex 250 Firmware Helmholz rex 300 Helmholz rex 300 Firmware Mbconnectline mbnet Mbconnectline mbnet.rokey Mbconnectline mbnet.rokey Firmware Mbconnectline mbnet Firmware Mbconnectline mbnet Hw1 Mbconnectline mbnet Hw1 Firmware Mbconnectline mbspider Mdh 905 Mbconnectline mbspider Mdh 905 Firmware Mbconnectline mbspider Mdh 906 Mbconnectline mbspider Mdh 906 Firmware Mbconnectline mbspider Mdh 915 Mbconnectline mbspider Mdh 915 Firmware Mbconnectline mbspider Mdh 916 Mbconnectline mbspider Mdh 916 Firmware
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:helmholz:myrex24_v2_virtual_server:::::::: cpe:2.3:a:mbconnectline:mbconnect24:::::::: cpe:2.3:a:mbconnectline:mymbconnect24:::::::: cpe:2.3:h:helmholz:rex_200:-:::::::* cpe:2.3:h:helmholz:rex_250:-:::::::* cpe:2.3:h:helmholz:rex_300:-:::::::* cpe:2.3:h:mbconnectline:mbnet.rokey:-:::::::* cpe:2.3:h:mbconnectline:mbnet:-:::::::* cpe:2.3:h:mbconnectline:mbnet_hw1:-:::::::* cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:::::::* cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:::::::* cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:::::::* cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:::::::* cpe:2.3:o:helmholz:rex_200_firmware:::::::: cpe:2.3:o:helmholz:rex_250_firmware:::::::: cpe:2.3:o:helmholz:rex_300_firmware:::::::: cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:::::::: cpe:2.3:o:mbconnectline:mbnet_firmware:::::::: cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:::::::: cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:::::::: cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:::::::: cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:::::::: cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware::::::::
Vendors & Products		Helmholz myrex24 V2 Virtual Server Helmholz rex 200 Helmholz rex 200 Firmware Helmholz rex 250 Helmholz rex 250 Firmware Helmholz rex 300 Helmholz rex 300 Firmware Mbconnectline mbnet Mbconnectline mbnet.rokey Mbconnectline mbnet.rokey Firmware Mbconnectline mbnet Firmware Mbconnectline mbnet Hw1 Mbconnectline mbnet Hw1 Firmware Mbconnectline mbspider Mdh 905 Mbconnectline mbspider Mdh 905 Firmware Mbconnectline mbspider Mdh 906 Mbconnectline mbspider Mdh 906 Firmware Mbconnectline mbspider Mdh 915 Mbconnectline mbspider Mdh 915 Firmware Mbconnectline mbspider Mdh 916 Mbconnectline mbspider Mdh 916 Firmware

Tue, 15 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Helmholz Helmholz myrex24.virtual Helmholz myrex24 V2 Mbconnectline Mbconnectline mbconnect24 Mbconnectline mymbconnect24
CPEs		cpe:2.3:a:helmholz:myrex24.virtual:::::::: cpe:2.3:a:helmholz:myrex24_v2:::::::: cpe:2.3:a:mbconnectline:mbconnect24:-:::::::* cpe:2.3:a:mbconnectline:mymbconnect24:-:::::::*
Vendors & Products		Helmholz Helmholz myrex24.virtual Helmholz myrex24 V2 Mbconnectline Mbconnectline mbconnect24 Mbconnectline mymbconnect24
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 15 Oct 2024 10:45:00 +0000

Type	Values Removed	Values Added
Description		An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
Title		MB connect line/Helmholz: Generation of weak passwords vulnerability
Weaknesses		CWE-1391
References		https://cert.vde.com/en/advisories/VDE-2024-068 https://cert.vde.com/en/advisories/VDE-2024-069
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2024-10-15T10:27:32.688Z

Updated: 2024-10-16T17:36:22.123Z

Reserved: 2024-08-26T09:19:01.266Z

Link: CVE-2024-45272

Vulnrichment

Updated: 2024-10-16T17:36:22.123Z

NVD

Status : Modified

Published: 2024-10-15T11:15:11.673

Modified: 2024-11-21T09:37:35.310

Link: CVE-2024-45272

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object