An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
History

Thu, 17 Oct 2024 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Helmholz myrex24 V2 Virtual Server
Helmholz rex 100
Helmholz rex 100 Firmware
Helmholz rex 200 Firmware
Helmholz rex 250
Helmholz rex 250 Firmware
Helmholz rex 300
Helmholz rex 300 Firmware
Mbconnectline mbnet
Mbconnectline mbnet.mini
Mbconnectline mbnet.mini Firmware
Mbconnectline mbnet.rokey
Mbconnectline mbnet.rokey Firmware
Mbconnectline mbnet Firmware
Mbconnectline mbnet Hw1 Firmware
Mbconnectline mbspider Mdh 905
Mbconnectline mbspider Mdh 905 Firmware
Mbconnectline mbspider Mdh 906
Mbconnectline mbspider Mdh 906 Firmware
Mbconnectline mbspider Mdh 915
Mbconnectline mbspider Mdh 915 Firmware
Mbconnectline mbspider Mdh 916
Mbconnectline mbspider Mdh 916 Firmware
Weaknesses CWE-326
CPEs cpe:2.3:a:helmholz:myrex24_v2_virtual_server:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:*
cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*
cpe:2.3:h:helmholz:rex_300:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbnet.rokey:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbnet:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbnet_hw1:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:*:*:*:*:*:*:*
cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:*:*:*:*:*:*:*
cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:helmholz:rex_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbnet_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware:*:*:*:*:*:*:*:*
Vendors & Products Helmholz myrex24 V2 Virtual Server
Helmholz rex 100
Helmholz rex 100 Firmware
Helmholz rex 200 Firmware
Helmholz rex 250
Helmholz rex 250 Firmware
Helmholz rex 300
Helmholz rex 300 Firmware
Mbconnectline mbnet
Mbconnectline mbnet.mini
Mbconnectline mbnet.mini Firmware
Mbconnectline mbnet.rokey
Mbconnectline mbnet.rokey Firmware
Mbconnectline mbnet Firmware
Mbconnectline mbnet Hw1 Firmware
Mbconnectline mbspider Mdh 905
Mbconnectline mbspider Mdh 905 Firmware
Mbconnectline mbspider Mdh 906
Mbconnectline mbspider Mdh 906 Firmware
Mbconnectline mbspider Mdh 915
Mbconnectline mbspider Mdh 915 Firmware
Mbconnectline mbspider Mdh 916
Mbconnectline mbspider Mdh 916 Firmware

Tue, 15 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Helmholz
Helmholz myrex24.virtual
Helmholz myrex24 V2
Helmholz rex100
Helmholz rex250
Helmholz rex300
Helmholz rex 200
Mb Connect Line
Mb Connect Line mbnet.mini
Mbconnectline
Mbconnectline mbconnect24
Mbconnectline mbnet Hw1
Mbconnectline mbnet Mbnet.rokey
Mbconnectline mbspider
Mbconnectline mymbconnect24
CPEs cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*
cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*
cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*
Vendors & Products Helmholz
Helmholz myrex24.virtual
Helmholz myrex24 V2
Helmholz rex100
Helmholz rex250
Helmholz rex300
Helmholz rex 200
Mb Connect Line
Mb Connect Line mbnet.mini
Mbconnectline
Mbconnectline mbconnect24
Mbconnectline mbnet Hw1
Mbconnectline mbnet Mbnet.rokey
Mbconnectline mbspider
Mbconnectline mymbconnect24
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 15 Oct 2024 10:45:00 +0000

Type Values Removed Values Added
Description An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Title MB connect line/Helmholz: Weak encryption of configuration file
Weaknesses CWE-261
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2024-10-15T10:27:52.208Z

Updated: 2024-10-16T17:47:04.737Z

Reserved: 2024-08-26T09:19:01.266Z

Link: CVE-2024-45273

cve-icon Vulnrichment

Updated: 2024-10-16T17:47:04.737Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-15T11:15:11.940

Modified: 2024-10-17T17:41:43.017

Link: CVE-2024-45273

cve-icon Redhat

No data.