CVE-2024-45273

HIGH

Helmholz and mbconnectline Devices - Weak Encryption Leading to Information Disclosure

Title source: llm

Description

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

References (5)

[Various Sources] https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2024-056

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2024-066

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2024-068

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2024-069

Scores

CVSS v3 8.4

EPSS 0.0009

EPSS Percentile 24.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-326 CWE-261

Status published

Products (15)

helmholz/myrex24_v2_virtual_server < 2.16.3

helmholz/rex_100_firmware < 2.3.1

helmholz/rex_200_firmware < 8.2.1

helmholz/rex_250_firmware < 8.2.1

helmholz/rex_300_firmware < 5.1.11

mbconnectline/mbconnect24 < 2.16.3

mbconnectline/mbnet.mini_firmware < 2.3.1

mbconnectline/mbnet.rokey_firmware < 8.2.1

mbconnectline/mbnet_firmware < 8.2.1

mbconnectline/mbnet_hw1_firmware < 5.1.11

... and 5 more

Published Oct 15, 2024

Tracked Since Feb 18, 2026