Login Sign Up

CVE-2024-45273

8.4 HIGH
Authentication Bypass

📋 TL;DR

CVE-2024-45273 allows an unauthenticated local attacker to decrypt device configuration files due to weak encryption implementation, potentially compromising the device. This affects systems using vulnerable firmware versions where local access is possible. Attackers can gain unauthorized access to sensitive configuration data.

💻 Affected Systems

Products:
  • Multiple industrial control systems and embedded devices from various manufacturers
Versions: Multiple firmware versions across different products (see VDE advisories for specifics)
Operating Systems: Embedded Linux systems, RTOS implementations
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices from multiple manufacturers including Siemens, Phoenix Contact, and others as detailed in VDE advisories. Vulnerability exists in encryption implementation across various products.

📦 What is this software?

Mbconnect24 by Mbconnectline

View all CVEs affecting Mbconnect24 →

Mbnet Firmware by Mbconnectline

View all CVEs affecting Mbnet Firmware →

Mbnet Hw1 Firmware by Mbconnectline

View all CVEs affecting Mbnet Hw1 Firmware →

Mbnet.mini Firmware by Mbconnectline

View all CVEs affecting Mbnet.mini Firmware →

Mbnet.rokey Firmware by Mbconnectline

View all CVEs affecting Mbnet.rokey Firmware →

Mbspider Mdh 905 Firmware by Mbconnectline

View all CVEs affecting Mbspider Mdh 905 Firmware →

Mbspider Mdh 906 Firmware by Mbconnectline

View all CVEs affecting Mbspider Mdh 906 Firmware →

Mbspider Mdh 915 Firmware by Mbconnectline

View all CVEs affecting Mbspider Mdh 915 Firmware →

Mbspider Mdh 916 Firmware by Mbconnectline

View all CVEs affecting Mbspider Mdh 916 Firmware →

Mymbconnect24 by Mbconnectline

View all CVEs affecting Mymbconnect24 →

Myrex24 V2 Virtual Server by Helmholz

View all CVEs affecting Myrex24 V2 Virtual Server →

Rex 100 Firmware by Helmholz

View all CVEs affecting Rex 100 Firmware →

Rex 200 Firmware by Helmholz

View all CVEs affecting Rex 200 Firmware →

Rex 250 Firmware by Helmholz

View all CVEs affecting Rex 250 Firmware →

Rex 300 Firmware by Helmholz

View all CVEs affecting Rex 300 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to modify configurations, steal credentials, or pivot to other systems on the network.

🟠

Likely Case

Unauthorized access to sensitive configuration data including passwords, network settings, and device parameters.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing local attacker access.

🌐 Internet-Facing: LOW (requires local access to exploit)
🏢 Internal Only: HIGH (local attackers on the network can exploit this vulnerability)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires local access to the device but does not require authentication. Proof of concept details available in public advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by manufacturer - check specific vendor advisories

Vendor Advisory: https://cert.vde.com/en/advisories/VDE-2024-056

Restart Required: Yes

Instructions:

1. Identify affected devices using manufacturer tools. 2. Download latest firmware from vendor portal. 3. Backup current configuration. 4. Apply firmware update following vendor instructions. 5. Verify encryption implementation in updated version.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable devices in separate network segments to limit local attacker access

Access Control Hardening

all

Implement strict access controls to prevent unauthorized local access to devices

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices
  • Monitor for unauthorized access attempts and configuration changes

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against vendor advisories. Use manufacturer-specific tools to verify encryption implementation.

Check Version:

Manufacturer-specific command varies by device - typically accessed via device web interface or CLI

Verify Fix Applied:

Verify firmware version has been updated to patched version. Test configuration file encryption using vendor verification tools.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to configuration files
  • Multiple failed decryption attempts
  • Configuration file access outside normal operations

Network Indicators:

  • Unusual network traffic to/from industrial control devices
  • Protocol anomalies in device communications

SIEM Query:

source="industrial_device" AND (event_type="config_access" OR event_type="decryption_failure")

📊 Metadata

CVE ID: CVE-2024-45273
CVSS v3 Score: 8.4 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-261
Published: October 15, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-45273, you might also want to check these:

CVE-2025-31229 9.1

This vulnerability allows VoiceOver, Apple's screen reader accessibility feature, to audibly read de...

Same vulnerability type (CWE-261)
CVE-2021-21507 8.8

Dell networking devices with vulnerable firmware versions use weak password encryption, allowing rem...

Same vulnerability type (CWE-261)
CVE-2024-28270 8.1

This vulnerability in web-flash v3.0 allows attackers to reset passwords for any user account withou...

Same vulnerability type (CWE-261)