CVE-2024-45272

MB connect line/Helmholz: Generation of weak passwords vulnerability

CVSS 7.5 HIGHEPSS 0.6%CWE-1391

In short

The remote service portal in MB connect line/Helmholz devices generates weak passwords that are easy to guess, allowing attackers to break in without authorization and disrupt connections.

Technical detail

An unauthenticated remote attacker can exploit weak password generation (CWE-1391) in the remote service portal to conduct efficient brute-force attacks against service credentials. Successful compromise results in unauthorized access and denial of service through connection termination.

Summary generated and translated by AI from the official description.

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Helmholz · myREX24 V2 Helmholz · myREX24.virtual MB connect line · mbCONNECT24 MB connect line · mymbCONNECT24

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert.vde.com/en/advisories/VDE-2024-068 https://cert.vde.com/en/advisories/VDE-2024-069 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt