MidnightBSD

Advisories for helmholz

CVE-2020-12527 MEDIUM

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,CWE-269,

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2020-35557 MEDIUM

An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2020-35558 MEDIUM

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2020-35561 MEDIUM

An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2020-35566 MEDIUM

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-706,

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2020-35568 MEDIUM

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2020-35570 MEDIUM

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-425,

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2021-34574 MEDIUM

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-669,CWE-669,

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2022-22520

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
info@cert.vde.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2023-34412

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

Products Affected

Vendor Product Version
redlion mbnet_mdh_831_firmware *
redlion mbnet.rokey_rkh_216_firmware *
redlion mbnet_mdh_859_firmware *
helmholz rex_250_firmware *
redlion mbnet.rokey_rkh_259_firmware *
redlion mbnet_mdh_855_firmware *
redlion mbnet_mdh_858_firmware *
redlion mbnet_mdh_871_firmware *
helmholz rex_200_firmware *
redlion mbnet_mdh_841_firmware *
redlion mbnet_mdh_876_firmware *
redlion mbnet.rokey_rkh_210_firmware *
redlion mbnet_mdh_835_firmware *
redlion mbnet_mdh_811_firmware *
redlion mbnet.rokey_rkh_235_firmware *
redlion mbnet_mdh_850_firmware *
redlion mbnet_mdh_816_firmware *
CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

Products Affected

Vendor Product Version
helmholz myrex24.virtual *
mbconnectline mymbconnect24 *
helmholz myrex24 *
mbconnectline mbconnect24 *
CVE-2024-45271

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
helmholz rex_100_firmware *
mbconnectline mbnet.mini_firmware *
CVE-2024-45272

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
mbconnectline mymbconnect24 *
helmholz rex_250_firmware *
helmholz rex_300_firmware *
mbconnectline mbnet.rokey_firmware *
mbconnectline mbspider_mdh_915_firmware *
mbconnectline mbspider_mdh_916_firmware *
mbconnectline mbspider_mdh_905_firmware *
mbconnectline mbnet_hw1_firmware *
helmholz myrex24_v2_virtual_server *
mbconnectline mbnet_firmware *
helmholz rex_200_firmware *
mbconnectline mbconnect24 *
mbconnectline mbspider_mdh_906_firmware *
CVE-2024-45273

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
mbconnectline mymbconnect24 *
helmholz rex_100_firmware *
helmholz rex_250_firmware *
mbconnectline mbnet.mini_firmware *
helmholz rex_300_firmware *
mbconnectline mbnet.rokey_firmware *
mbconnectline mbspider_mdh_915_firmware *
mbconnectline mbspider_mdh_916_firmware *
mbconnectline mbspider_mdh_905_firmware *
mbconnectline mbnet_hw1_firmware *
helmholz myrex24_v2_virtual_server *
mbconnectline mbnet_firmware *
helmholz rex_200_firmware *
mbconnectline mbconnect24 *
mbconnectline mbspider_mdh_906_firmware *
CVE-2024-45274

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
helmholz rex_100_firmware *
mbconnectline mbnet.mini_firmware *
CVE-2024-45275

The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
helmholz rex_100_firmware *
mbconnectline mbnet.mini_firmware *
CVE-2024-45276

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
info@cert.vde.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
helmholz rex_100_firmware *
mbconnectline mbnet.mini_firmware *