CVE-2024-45272

moderate-risk

Published 2024-10-15

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

Do I need to act?

1.0% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (13)

Myrex24 V2 Virtual Server

Rex 300 Firmware

Rex 200 Firmware

Rex 250 Firmware

Mbconnect24

Mymbconnect24

Mbspider Mdh 905 Firmware

Mbspider Mdh 915 Firmware

Mbspider Mdh 906 Firmware

Mbspider Mdh 916 Firmware

Mbnet Hw1 Firmware

Mbnet Firmware

Mbnet.Rokey Firmware

Affected Vendors

Mbconnectline Helmholz

References (3)

Third Party Advisory https://cert.vde.com/en/advisories/VDE-2024-068

Third Party Advisory https://cert.vde.com/en/advisories/VDE-2024-069

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.t...

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 3/34 · Minimal

Exposure 17/34 · Moderate