CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23943 – MB connect line: Cloud API access due to a lack of authentication for a critical function
https://notcve.org/view.php?id=CVE-2024-23943
18 Mar 2025 — An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected. • https://cert.vde.com/en/advisories/VDE-2024-010 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-23942 – MB connect line: Configuration File on the client workstation is not encrypted
https://notcve.org/view.php?id=CVE-2024-23942
18 Mar 2025 — A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS. • https://cert.vde.com/en/advisories/VDE-2024-010 • CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.4EPSS: 0%CPEs: 11EXPL: 0CVE-2024-45273 – MB connect line/Helmholz: Weak encryption of configuration file
https://notcve.org/view.php?id=CVE-2024-45273
15 Oct 2024 — An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. Un atacante local no autenticado puede descifrar el archivo de configuración del dispositivo y, por lo tanto, comprometer el dispositivo debido a una implementación débil del cifrado utilizado. • https://cert.vde.com/en/advisories/VDE-2024-056 • CWE-261: Weak Encoding for Password •