Search criteria
6 vulnerabilities found for rex_200_firmware by helmholz
CVE-2024-45273 (GCVE-0-2024-45273)
Vulnerability from nvd – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:47
VLAI
Title
MB connect line/Helmholz: Weak encryption of configuration file
Summary
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Severity
8.4 (High)
CWE
- CWE-261 - Weak Encoding for Password
Assigner
References
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| MB connect line | mbNET.mini |
Affected:
0.0.0 , ≤ 2.2.13
(semver)
|
|
| MB connect line | mbNET/mbNET.rokey |
Affected:
0.0.0 , ≤ 8.2.0
(semver)
|
|
| MB connect line | mbNET HW1 |
Affected:
0.0.0 , ≤ 5.1.11
(semver)
|
|
| MB connect line | mbSPIDER |
Affected:
0.0.0 , ≤ 2.6.5
(semver)
|
|
| MB connect line | mbCONNECT24 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| MB connect line | mymbCONNECT24 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| Helmholz | REX100 |
Affected:
0.0.0 , ≤ <= 2.2.13
(semver)
|
|
| Helmholz | REX200/250 |
Affected:
0.0.0 , ≤ <= 8.2.0
(semver)
|
|
| Helmholz | myREX24 V2 |
Affected:
0.0.0 , ≤ <= 2.16.2
(semver)
|
|
| Helmholz | myREX24.virtual |
Affected:
0.0.0 , ≤ <= 2.16.2
(semver)
|
|
| Helmholz | REX300 |
Affected:
0.0.0 , ≤ <= 5.1.11
(semver)
|
Date Public
2024-10-15 08:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet.mini",
"vendor": "mb_connect_line",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_mbnet.rokey",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_hw1",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbspider",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mymbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex100",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex_200",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex250",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24_v2",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24.virtual",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex300",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:22:26.955543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:31:20.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-16T17:47:04.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET/mbNET.rokey",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET HW1",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbSPIDER",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX100",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.2.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX200/250",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 8.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24 V2",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX300",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Moritz Abrell"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "SySS GmbH"
}
],
"datePublic": "2024-10-15T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
}
],
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261: Weak Encoding for Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T10:27:52.208Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
],
"source": {
"advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641695",
"CERT@VDE#641692",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line/Helmholz: Weak encryption of configuration file",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-45273",
"datePublished": "2024-10-15T10:27:52.208Z",
"dateReserved": "2024-08-26T09:19:01.266Z",
"dateUpdated": "2024-10-16T17:47:04.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45272 (GCVE-0-2024-45272)
Vulnerability from nvd – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:36
VLAI
Title
MB connect line/Helmholz: Generation of weak passwords vulnerability
Summary
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
Severity
7.5 (High)
CWE
- CWE-1391 - Use of Weak Credentials
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| MB connect line | mbCONNECT24 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| MB connect line | mymbCONNECT24 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| Helmholz | myREX24 V2 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| Helmholz | myREX24.virtual |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
Date Public
2024-10-15 08:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mymbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24_v2",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24.virtual",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T13:40:14.338031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T13:43:55.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-16T17:36:22.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24 V2",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Moritz Abrell"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "SySS GmbH"
}
],
"datePublic": "2024-10-15T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T10:27:32.688Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
],
"source": {
"advisory": "VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641695",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line/Helmholz: Generation of weak passwords vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-45272",
"datePublished": "2024-10-15T10:27:32.688Z",
"dateReserved": "2024-08-26T09:19:01.266Z",
"dateUpdated": "2024-10-16T17:36:22.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34412 (GCVE-0-2023-34412)
Vulnerability from nvd – Published: 2023-08-17 13:07 – Updated: 2024-08-02 16:10
VLAI
Title
Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
Summary
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
Severity
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Lion Europe | mbNET |
Affected:
0 , < 7.3.2
(semver)
|
|
| Red Lion Europe | mbNET.rokey |
Affected:
0 , < 7.3.2
(semver)
|
|
| Helmholz | REX 200 |
Affected:
0 , < 7.3.2
(semver)
|
|
| Helmholz | REX 250 |
Affected:
0 , < 7.3.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET.rokey",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 200",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 250",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T11:02:33.346Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"source": {
"defect": [
"CERT@VDE#64536"
],
"discovery": "UNKNOWN"
},
"title": "Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-34412",
"datePublished": "2023-08-17T13:07:01.697Z",
"dateReserved": "2023-06-05T12:05:57.451Z",
"dateUpdated": "2024-08-02T16:10:06.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45273 (GCVE-0-2024-45273)
Vulnerability from cvelistv5 – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:47
VLAI
Title
MB connect line/Helmholz: Weak encryption of configuration file
Summary
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
Severity
8.4 (High)
CWE
- CWE-261 - Weak Encoding for Password
Assigner
References
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| MB connect line | mbNET.mini |
Affected:
0.0.0 , ≤ 2.2.13
(semver)
|
|
| MB connect line | mbNET/mbNET.rokey |
Affected:
0.0.0 , ≤ 8.2.0
(semver)
|
|
| MB connect line | mbNET HW1 |
Affected:
0.0.0 , ≤ 5.1.11
(semver)
|
|
| MB connect line | mbSPIDER |
Affected:
0.0.0 , ≤ 2.6.5
(semver)
|
|
| MB connect line | mbCONNECT24 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| MB connect line | mymbCONNECT24 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| Helmholz | REX100 |
Affected:
0.0.0 , ≤ <= 2.2.13
(semver)
|
|
| Helmholz | REX200/250 |
Affected:
0.0.0 , ≤ <= 8.2.0
(semver)
|
|
| Helmholz | myREX24 V2 |
Affected:
0.0.0 , ≤ <= 2.16.2
(semver)
|
|
| Helmholz | myREX24.virtual |
Affected:
0.0.0 , ≤ <= 2.16.2
(semver)
|
|
| Helmholz | REX300 |
Affected:
0.0.0 , ≤ <= 5.1.11
(semver)
|
Date Public
2024-10-15 08:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet.mini",
"vendor": "mb_connect_line",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_mbnet.rokey",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_hw1",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbspider",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mymbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex100",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex_200",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex250",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24_v2",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24.virtual",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex300",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:22:26.955543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:31:20.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-16T17:47:04.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET/mbNET.rokey",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET HW1",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbSPIDER",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX100",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.2.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX200/250",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 8.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24 V2",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX300",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Moritz Abrell"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "SySS GmbH"
}
],
"datePublic": "2024-10-15T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
}
],
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261: Weak Encoding for Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T10:27:52.208Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
],
"source": {
"advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641695",
"CERT@VDE#641692",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line/Helmholz: Weak encryption of configuration file",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-45273",
"datePublished": "2024-10-15T10:27:52.208Z",
"dateReserved": "2024-08-26T09:19:01.266Z",
"dateUpdated": "2024-10-16T17:47:04.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45272 (GCVE-0-2024-45272)
Vulnerability from cvelistv5 – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:36
VLAI
Title
MB connect line/Helmholz: Generation of weak passwords vulnerability
Summary
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
Severity
7.5 (High)
CWE
- CWE-1391 - Use of Weak Credentials
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| MB connect line | mbCONNECT24 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| MB connect line | mymbCONNECT24 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| Helmholz | myREX24 V2 |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
|
| Helmholz | myREX24.virtual |
Affected:
0.0.0 , ≤ 2.16.2
(semver)
|
Date Public
2024-10-15 08:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mymbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24_v2",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24.virtual",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T13:40:14.338031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T13:43:55.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-16T17:36:22.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24 V2",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Moritz Abrell"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "SySS GmbH"
}
],
"datePublic": "2024-10-15T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T10:27:32.688Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
],
"source": {
"advisory": "VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641695",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line/Helmholz: Generation of weak passwords vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-45272",
"datePublished": "2024-10-15T10:27:32.688Z",
"dateReserved": "2024-08-26T09:19:01.266Z",
"dateUpdated": "2024-10-16T17:36:22.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-34412 (GCVE-0-2023-34412)
Vulnerability from cvelistv5 – Published: 2023-08-17 13:07 – Updated: 2024-08-02 16:10
VLAI
Title
Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
Summary
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
Severity
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Red Lion Europe | mbNET |
Affected:
0 , < 7.3.2
(semver)
|
|
| Red Lion Europe | mbNET.rokey |
Affected:
0 , < 7.3.2
(semver)
|
|
| Helmholz | REX 200 |
Affected:
0 , < 7.3.2
(semver)
|
|
| Helmholz | REX 250 |
Affected:
0 , < 7.3.2
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET.rokey",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 200",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 250",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T11:02:33.346Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"source": {
"defect": [
"CERT@VDE#64536"
],
"discovery": "UNKNOWN"
},
"title": "Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-34412",
"datePublished": "2023-08-17T13:07:01.697Z",
"dateReserved": "2023-06-05T12:05:57.451Z",
"dateUpdated": "2024-08-02T16:10:06.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}