Vulnerability-Lookup - Search a vulnerability

Vulnerability from fkie_nvd

Published

2024-10-15 11:15

Modified

2024-11-21 09:37

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

References

URL	Tags
info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2024-056	Third Party Advisory
info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2024-066	Third Party Advisory
info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2024-068	Third Party Advisory
info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2024-069	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt

Impacted products

Vendor	Product	Version
mbconnectline	mbnet.mini_firmware	*
mbconnectline	mbnet.mini	-
helmholz	myrex24_v2_virtual_server	*
helmholz	rex_300_firmware	*
helmholz	rex_300	-
helmholz	rex_200_firmware	*
helmholz	rex_200	-
helmholz	rex_250_firmware	*
helmholz	rex_250	-
helmholz	rex_100_firmware	*
helmholz	rex_100	-
mbconnectline	mbconnect24	*
mbconnectline	mymbconnect24	*
mbconnectline	mbspider_mdh_905_firmware	*
mbconnectline	mbspider_mdh_905	-
mbconnectline	mbspider_mdh_915_firmware	*
mbconnectline	mbspider_mdh_915	-
mbconnectline	mbspider_mdh_906_firmware	*
mbconnectline	mbspider_mdh_906	-
mbconnectline	mbspider_mdh_916_firmware	*
mbconnectline	mbspider_mdh_916	-
mbconnectline	mbnet_hw1_firmware	*
mbconnectline	mbnet_hw1	-
mbconnectline	mbnet_firmware	*
mbconnectline	mbnet	-
mbconnectline	mbnet.rokey_firmware	*
mbconnectline	mbnet.rokey	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E80D53-0907-45AF-A03B-A093C5CEA33B",
              "versionEndExcluding": "2.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1D1B769-DA91-4F0C-AD34-D735B7A8B8FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:helmholz:myrex24_v2_virtual_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D5B73E2-38BA-415D-96AF-D0F835E3C9BC",
              "versionEndExcluding": "2.16.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CB17C2-1B86-41AA-8737-718BA9464BB0",
              "versionEndIncluding": "5.1.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB65F958-3FF4-48A7-8007-406A7FDBA0E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE10F9E9-A0EE-4CF1-9F4B-6AF4179ED03E",
              "versionEndExcluding": "8.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67ECB608-F99D-479C-95CC-349DCB530D98",
              "versionEndExcluding": "8.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53454815-3E7A-4097-8FC7-2F7634DAF7E1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F226166A-1261-43F9-81EC-E1C0FC9CB6E6",
              "versionEndExcluding": "2.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E8BE39-3C4A-484A-A34D-3CB4B46E41FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F017673-3A54-4D92-811F-AE395CCED7CF",
              "versionEndExcluding": "2.16.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC8E52-E277-4D72-903A-A31FC658B6E2",
              "versionEndExcluding": "2.16.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "188A4550-AE25-459E-9624-97090842230B",
              "versionEndIncluding": "2.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABBF6FE-BF26-43B2-B54C-6ECE4234B3C9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAEA6C5-27F5-4BA5-BEB4-DD2EDE66F877",
              "versionEndIncluding": "2.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED665544-6D67-465A-8850-6FD7A44D9E6F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41557B9-9BE2-4286-A1FE-88CDAD14B824",
              "versionEndIncluding": "2.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B499C3-0C59-488D-89E7-2CBEEA42E1E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75321482-BFC4-4D37-AF03-9212AE6028A7",
              "versionEndIncluding": "2.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74973FF-4DC9-4076-A161-28EC0A5F5E6D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7470E3A2-72C5-4743-ABC2-14FB4C9F02D8",
              "versionEndIncluding": "5.1.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbnet_hw1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E49632-8868-4BF8-A86D-E7F10130B378",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbnet_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40166B67-481E-4B36-BBD8-4F5721B75B9E",
              "versionEndExcluding": "8.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbnet:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8CB051-1E1A-4014-9FB2-4473AC4CEE30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE59454-A9F9-44BE-8B06-9A631332A4E9",
              "versionEndExcluding": "8.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbnet.rokey:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7B6E4C-1AC2-4CD8-A056-2EF8845622CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
    },
    {
      "lang": "es",
      "value": "Un atacante local no autenticado puede descifrar el archivo de configuraci\u00f3n del dispositivo y, por lo tanto, comprometer el dispositivo debido a una implementaci\u00f3n d\u00e9bil del cifrado utilizado."
    }
  ],
  "id": "CVE-2024-45273",
  "lastModified": "2024-11-21T09:37:35.450",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "info@cert.vde.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-15T11:15:11.940",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2024-056"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2024-066"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-261"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2024-10-15 11:15

Modified

2024-11-21 09:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

References

URL	Tags
info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2024-068	Third Party Advisory
info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2024-069	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt

Impacted products

Vendor	Product	Version
helmholz	myrex24_v2_virtual_server	*
helmholz	rex_300_firmware	*
helmholz	rex_300	-
helmholz	rex_200_firmware	*
helmholz	rex_200	-
helmholz	rex_250_firmware	*
helmholz	rex_250	-
mbconnectline	mbconnect24	*
mbconnectline	mymbconnect24	*
mbconnectline	mbspider_mdh_905_firmware	*
mbconnectline	mbspider_mdh_905	-
mbconnectline	mbspider_mdh_915_firmware	*
mbconnectline	mbspider_mdh_915	-
mbconnectline	mbspider_mdh_906_firmware	*
mbconnectline	mbspider_mdh_906	-
mbconnectline	mbspider_mdh_916_firmware	*
mbconnectline	mbspider_mdh_916	-
mbconnectline	mbnet_hw1_firmware	*
mbconnectline	mbnet_hw1	-
mbconnectline	mbnet_firmware	*
mbconnectline	mbnet	-
mbconnectline	mbnet.rokey_firmware	*
mbconnectline	mbnet.rokey	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:helmholz:myrex24_v2_virtual_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D5B73E2-38BA-415D-96AF-D0F835E3C9BC",
              "versionEndExcluding": "2.16.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_300_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CB17C2-1B86-41AA-8737-718BA9464BB0",
              "versionEndIncluding": "5.1.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB65F958-3FF4-48A7-8007-406A7FDBA0E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE10F9E9-A0EE-4CF1-9F4B-6AF4179ED03E",
              "versionEndExcluding": "8.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67ECB608-F99D-479C-95CC-349DCB530D98",
              "versionEndExcluding": "8.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53454815-3E7A-4097-8FC7-2F7634DAF7E1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F017673-3A54-4D92-811F-AE395CCED7CF",
              "versionEndExcluding": "2.16.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18BC8E52-E277-4D72-903A-A31FC658B6E2",
              "versionEndExcluding": "2.16.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "188A4550-AE25-459E-9624-97090842230B",
              "versionEndIncluding": "2.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ABBF6FE-BF26-43B2-B54C-6ECE4234B3C9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CAEA6C5-27F5-4BA5-BEB4-DD2EDE66F877",
              "versionEndIncluding": "2.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED665544-6D67-465A-8850-6FD7A44D9E6F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E41557B9-9BE2-4286-A1FE-88CDAD14B824",
              "versionEndIncluding": "2.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B499C3-0C59-488D-89E7-2CBEEA42E1E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75321482-BFC4-4D37-AF03-9212AE6028A7",
              "versionEndIncluding": "2.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74973FF-4DC9-4076-A161-28EC0A5F5E6D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7470E3A2-72C5-4743-ABC2-14FB4C9F02D8",
              "versionEndIncluding": "5.1.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbnet_hw1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E49632-8868-4BF8-A86D-E7F10130B378",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbnet_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40166B67-481E-4B36-BBD8-4F5721B75B9E",
              "versionEndExcluding": "8.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbnet:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8CB051-1E1A-4014-9FB2-4473AC4CEE30",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE59454-A9F9-44BE-8B06-9A631332A4E9",
              "versionEndExcluding": "8.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:mbconnectline:mbnet.rokey:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7B6E4C-1AC2-4CD8-A056-2EF8845622CA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost."
    },
    {
      "lang": "es",
      "value": "Un atacante remoto no autenticado puede realizar un ataque de fuerza bruta a las credenciales del portal de servicio remoto con una alta probabilidad de \u00e9xito, lo que da como resultado la p\u00e9rdida de la conexi\u00f3n."
    }
  ],
  "id": "CVE-2024-45272",
  "lastModified": "2024-11-21T09:37:35.310",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "info@cert.vde.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-15T11:15:11.673",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1391"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd

Published

2023-08-17 14:15

Modified

2024-11-21 08:07

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

References

URL	Tags
info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2023-012/	Third Party Advisory
info@cert.vde.com	https://cert.vde.com/en/advisories/VDE-2023-029/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en/advisories/VDE-2023-012/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert.vde.com/en/advisories/VDE-2023-029/	Third Party Advisory

Impacted products

Vendor	Product	Version
helmholz	rex_250_firmware	*
helmholz	rex_250	-
helmholz	rex_200_firmware	*
helmholz	rex_200	-
redlion	mbnet.rokey_rkh_210_firmware	*
redlion	mbnet.rokey_rkh_210	-
redlion	mbnet.rokey_rkh_216_firmware	*
redlion	mbnet.rokey_rkh_216	-
redlion	mbnet.rokey_rkh_235_firmware	*
redlion	mbnet.rokey_rkh_235	-
redlion	mbnet.rokey_rkh_259_firmware	*
redlion	mbnet.rokey_rkh_259	-
redlion	mbnet_mdh_811_firmware	*
redlion	mbnet_mdh_811	-
redlion	mbnet_mdh_850_firmware	*
redlion	mbnet_mdh_850	-
redlion	mbnet_mdh_871_firmware	*
redlion	mbnet_mdh_871	-
redlion	mbnet_mdh_831_firmware	*
redlion	mbnet_mdh_831	-
redlion	mbnet_mdh_855_firmware	*
redlion	mbnet_mdh_855	-
redlion	mbnet_mdh_876_firmware	*
redlion	mbnet_mdh_876	-
redlion	mbnet_mdh_858_firmware	*
redlion	mbnet_mdh_858	-
redlion	mbnet_mdh_816_firmware	*
redlion	mbnet_mdh_816	-
redlion	mbnet_mdh_841_firmware	*
redlion	mbnet_mdh_841	-
redlion	mbnet_mdh_859_firmware	*
redlion	mbnet_mdh_859	-
redlion	mbnet_mdh_835_firmware	*
redlion	mbnet_mdh_835	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18903E70-B902-4182-B41D-666EB8C3B61C",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53454815-3E7A-4097-8FC7-2F7634DAF7E1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66925474-A4F6-4D7C-8163-290761406352",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_210_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "498A9C6F-FCEE-44F9-AC64-8C070E9E31A4",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_210:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DBA39B6-4D76-44ED-847F-10B2BA96EB0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_216_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2FEA63F-166C-4D08-8F49-8F1962CB97E2",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_216:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F530332-3BFB-43D3-AD5F-0B4410543BEA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_235_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "35085939-39A2-482B-802F-77313F1CA63D",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_235:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "873AEDC5-A8B6-4B76-8A43-A3C6241ABE09",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_259_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF81568-103C-408A-A575-33588BF5903B",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_259:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "031FFFE6-9C5F-47D9-8264-CC7C2D256941",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBE73666-D739-4C07-B7B4-31BBC0608C74",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30C680F1-60C6-43BF-BE62-D9D49A609734",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12FBFD60-81BC-4B25-8AC5-E041E57A870E",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C293C0F8-EF07-4F19-A7B6-CE5EC170E042",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_871_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68D51AD3-E614-45C3-8163-9547DCD41FEB",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_871:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4347DC3-2035-4328-91CE-3ABA912A3B7D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_831_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06DD90C-4E6D-4836-99CA-16A0F0AAE6E1",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_831:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A275C2A8-D5B6-4B32-9080-5E41B51B4487",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_855_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1997B14-061F-47D6-8FF0-266D316211CB",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_855:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "055F9937-565E-4103-9E2A-0BB274B1D770",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_876_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A72C9074-B9A0-4DF9-9262-0937C6B2B3FF",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_876:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E152B4F0-44A1-45FD-A541-0E039479DC00",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_858_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "745A8264-D4A7-4431-83E0-63FA59A8E575",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_858:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0002E5EA-F173-4861-95D9-6996A51F08A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_816_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD074843-119D-4738-8F52-D43B825AA472",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_816:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61FB21C-AD6B-4BF8-A303-8C0122276B7A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAEF7742-A151-4139-A664-DE482CC1B830",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1C27B28-A5ED-4C25-B0B9-14D1E89A414B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_859_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AC171EC-9196-4DFA-A07F-C4DC8D1037DD",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_859:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "35427F3B-13D9-42E4-8547-0DC3A2B03662",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redlion:mbnet_mdh_835_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "967284B7-89DE-41E7-AD1F-61F0F3530944",
              "versionEndExcluding": "7.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:redlion:mbnet_mdh_835:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53DA2CB3-9C62-4CE1-8DB8-2E7378D162E4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
    }
  ],
  "id": "CVE-2023-34412",
  "lastModified": "2024-11-21T08:07:11.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "info@cert.vde.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-08-17T14:15:09.700",
  "references": [
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
    },
    {
      "source": "info@cert.vde.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
    }
  ],
  "sourceIdentifier": "info@cert.vde.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "info@cert.vde.com",
      "type": "Primary"
    }
  ]
}

CVE-2024-45273 (GCVE-0-2024-45273)

Vulnerability from cvelistv5

Published

2024-10-15 10:27

Modified

2024-10-16 17:47

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-261 - Weak Encoding for Password

Summary

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

References

►

URL

Tags

	https://cert.vde.com/en/advisories/VDE-2024-056
	https://cert.vde.com/en/advisories/VDE-2024-066
	https://cert.vde.com/en/advisories/VDE-2024-068
	https://cert.vde.com/en/advisories/VDE-2024-069

Impacted products

Vendor

Product

Version

►

MB connect line

mbNET.mini

Version: 0.0.0 ≤ 2.2.13

MB connect line	mbNET/mbNET.rokey	Version: 0.0.0 ≤ 8.2.0
MB connect line	mbNET HW1	Version: 0.0.0 ≤ 5.1.11
MB connect line	mbSPIDER	Version: 0.0.0 ≤ 2.6.5
MB connect line	mbCONNECT24	Version: 0.0.0 ≤ 2.16.2
MB connect line	mymbCONNECT24	Version: 0.0.0 ≤ 2.16.2
Helmholz	REX100	Version: 0.0.0 ≤ <= 2.2.13
Helmholz	REX200/250	Version: 0.0.0 ≤ <= 8.2.0
Helmholz	myREX24 V2	Version: 0.0.0 ≤ <= 2.16.2
Helmholz	myREX24.virtual	Version: 0.0.0 ≤ <= 2.16.2
Helmholz	REX300	Version: 0.0.0 ≤ <= 5.1.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet.mini",
            "vendor": "mb_connect_line",
            "versions": [
              {
                "lessThanOrEqual": "2.2.13",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet_mbnet.rokey",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet_hw1",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "5.1.11",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbspider",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.6.5",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbconnect24",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mymbconnect24",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex100",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.2.13",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex_200",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex250",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "myrex24_v2",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "myrex24.virtual",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex300",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "5.1.11",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45273",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T18:22:26.955543Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T18:31:20.013Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-16T17:47:04.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "mbNET.mini",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.2.13",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbNET/mbNET.rokey",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbNET HW1",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "5.1.11",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbSPIDER",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.6.5",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbCONNECT24",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mymbCONNECT24",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX100",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.2.13",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX200/250",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 8.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "myREX24 V2",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "myREX24.virtual",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX300",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 5.1.11",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Moritz Abrell"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SySS GmbH"
        }
      ],
      "datePublic": "2024-10-15T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-261",
              "description": "CWE-261: Weak Encoding for Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T10:27:52.208Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-056"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-066"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
        }
      ],
      "source": {
        "advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
        "defect": [
          "CERT@VDE#641679",
          "CERT@VDE#641695",
          "CERT@VDE#641692",
          "CERT@VDE#641696"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "MB connect line/Helmholz: Weak encryption of configuration file",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-45273",
    "datePublished": "2024-10-15T10:27:52.208Z",
    "dateReserved": "2024-08-26T09:19:01.266Z",
    "dateUpdated": "2024-10-16T17:47:04.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-34412 (GCVE-0-2023-34412)

Vulnerability from cvelistv5

Published

2023-08-17 13:07

Modified

2024-08-02 16:10

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

References

►

URL

CVE-2024-45272 (GCVE-0-2024-45272)

Vulnerability from cvelistv5

Published

2024-10-15 10:27

Modified

2024-10-16 17:36

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1391 - Use of Weak Credentials

Summary

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

References

►

URL

Vulnerabilites related to helmholz - rex_200

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

Vulnerability from fkie_nvd

CVE-2024-45273 (GCVE-0-2024-45273)

Vulnerability from cvelistv5

CVE-2023-34412 (GCVE-0-2023-34412)

Vulnerability from cvelistv5

CVE-2024-45272 (GCVE-0-2024-45272)

Vulnerability from cvelistv5