Description
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Helmholz / myREX24 V20.0.0 – 2.16.2
- Helmholz / myREX24.virtual0.0.0 – 2.16.2
- MB connect line / mbCONNECT240.0.0 – 2.16.2
- MB connect line / mymbCONNECT240.0.0 – 2.16.2
References
- VENDOR_ADVISORYhttps://cert.vde.com/en/advisories/VDE-2024-068
- VENDOR_ADVISORYhttps://cert.vde.com/en/advisories/VDE-2024-069