variot - var-202410-0405

var-202410-0405

Vulnerability from variot

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202410-0405",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rex 300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "5.1.11"
      },
      {
        "model": "mbnet.mini",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.3.1"
      },
      {
        "model": "mbnet",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "8.2.1"
      },
      {
        "model": "rex 100",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "2.3.1"
      },
      {
        "model": "mymbconnect24",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.16.3"
      },
      {
        "model": "rex 250",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "8.2.1"
      },
      {
        "model": "mbspider mdh 916",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.6.5"
      },
      {
        "model": "rex 200",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "8.2.1"
      },
      {
        "model": "mbspider mdh 915",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.6.5"
      },
      {
        "model": "mbspider mdh 905",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.6.5"
      },
      {
        "model": "mbspider mdh 906",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.6.5"
      },
      {
        "model": "mbnet hw1",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "5.1.11"
      },
      {
        "model": "mbnet.rokey",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "8.2.1"
      },
      {
        "model": "myrex24 v2 virtual server",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "helmholz",
        "version": "2.16.3"
      },
      {
        "model": "mbconnect24",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mbconnectline",
        "version": "2.16.3"
      },
      {
        "model": "mbnet",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbnet.mini",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbconnect24",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mymbconnect24",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "rex 300",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "myrex24 v2 virtual server",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "rex 100",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "rex 200",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "mbspider mdh 915",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbspider mdh 905",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbnet hw1",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbspider mdh 906",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "mbspider mdh 916",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      },
      {
        "model": "rex 250",
        "scope": null,
        "trust": 0.8,
        "vendor": "helmholz",
        "version": null
      },
      {
        "model": "mbnet.rokey",
        "scope": null,
        "trust": 0.8,
        "vendor": "mb connect line",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "cve": "CVE-2024-45273",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2024-45273",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "info@cert.vde.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.5,
            "id": "CVE-2024-45273",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2024-45273",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2024-45273",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "info@cert.vde.com",
            "id": "CVE-2024-45273",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2024-45273",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-45273",
        "trust": 2.6
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2024-056",
        "trust": 1.8
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2024-068",
        "trust": 1.8
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2024-069",
        "trust": 1.8
      },
      {
        "db": "CERT@VDE",
        "id": "VDE-2024-066",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "id": "VAR-202410-0405",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5
  },
  "last_update_date": "2024-10-23T22:43:38.071000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-261",
        "trust": 1.0
      },
      {
        "problemtype": "Use Weak Ciphers for Passwords (CWE-261) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en/advisories/vde-2024-056"
      },
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en/advisories/vde-2024-066"
      },
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en/advisories/vde-2024-068"
      },
      {
        "trust": 1.8,
        "url": "https://cert.vde.com/en/advisories/vde-2024-069"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-45273"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-10-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "date": "2024-10-15T11:15:11.940000",
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2024-10-18T03:31:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      },
      {
        "date": "2024-10-17T17:41:43.017000",
        "db": "NVD",
        "id": "CVE-2024-45273"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MB\u00a0CONNECT\u00a0LINE\u00a0 of \u00a0mbnet.mini\u00a0 Vulnerabilities related to cryptographic strength in products from multiple vendors such as firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-010550"
      }
    ],
    "trust": 0.8
  }
}

CVE-2024-45273 (GCVE-0-2024-45273)

Vulnerability from cvelistv5

Published

2024-10-15 10:27

Modified

2024-10-16 17:47

Severity ?

8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-261 - Weak Encoding for Password

Summary

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

References

▼	URL	Tags
	https://cert.vde.com/en/advisories/VDE-2024-056
	https://cert.vde.com/en/advisories/VDE-2024-066
	https://cert.vde.com/en/advisories/VDE-2024-068
	https://cert.vde.com/en/advisories/VDE-2024-069

Impacted products

Vendor

Product

Version

▼

MB connect line

mbNET.mini

Version: 0.0.0 ≤ 2.2.13

MB connect line	mbNET/mbNET.rokey	Version: 0.0.0 ≤ 8.2.0
MB connect line	mbNET HW1	Version: 0.0.0 ≤ 5.1.11
MB connect line	mbSPIDER	Version: 0.0.0 ≤ 2.6.5
MB connect line	mbCONNECT24	Version: 0.0.0 ≤ 2.16.2
MB connect line	mymbCONNECT24	Version: 0.0.0 ≤ 2.16.2
Helmholz	REX100	Version: 0.0.0 ≤ <= 2.2.13
Helmholz	REX200/250	Version: 0.0.0 ≤ <= 8.2.0
Helmholz	myREX24 V2	Version: 0.0.0 ≤ <= 2.16.2
Helmholz	myREX24.virtual	Version: 0.0.0 ≤ <= 2.16.2
Helmholz	REX300	Version: 0.0.0 ≤ <= 5.1.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet.mini",
            "vendor": "mb_connect_line",
            "versions": [
              {
                "lessThanOrEqual": "2.2.13",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet_mbnet.rokey",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbnet_hw1",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "5.1.11",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbspider",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.6.5",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mbconnect24",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "mymbconnect24",
            "vendor": "mbconnectline",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex100",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.2.13",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex_200",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex250",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "8.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "myrex24_v2",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "myrex24.virtual",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "2.16.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "rex300",
            "vendor": "helmholz",
            "versions": [
              {
                "lessThanOrEqual": "5.1.11",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45273",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T18:22:26.955543Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T18:31:20.013Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-16T17:47:04.737Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "mbNET.mini",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.2.13",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbNET/mbNET.rokey",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "8.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbNET HW1",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "5.1.11",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbSPIDER",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.6.5",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mbCONNECT24",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "mymbCONNECT24",
          "vendor": "MB connect line",
          "versions": [
            {
              "lessThanOrEqual": "2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX100",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.2.13",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX200/250",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 8.2.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "myREX24 V2",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "myREX24.virtual",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 2.16.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "REX300",
          "vendor": "Helmholz",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 5.1.11",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Moritz Abrell"
        },
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SySS GmbH"
        }
      ],
      "datePublic": "2024-10-15T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
            }
          ],
          "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-261",
              "description": "CWE-261: Weak Encoding for Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T10:27:52.208Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-056"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-066"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
        },
        {
          "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
        }
      ],
      "source": {
        "advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
        "defect": [
          "CERT@VDE#641679",
          "CERT@VDE#641695",
          "CERT@VDE#641692",
          "CERT@VDE#641696"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "MB connect line/Helmholz: Weak encryption of configuration file",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-45273",
    "datePublished": "2024-10-15T10:27:52.208Z",
    "dateReserved": "2024-08-26T09:19:01.266Z",
    "dateUpdated": "2024-10-16T17:47:04.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted