Summary: Security advisories from CERT@VDE in collaboration with MB connect line and Helmholz have identified critical vulnerabilities in various industrial communication devices, posing severe cybersecurity threats. Flaws in myREX24, mbCONNECT24, and other related products may lead to a significant loss of confidentiality, integrity, and availability. Users are urged to update their devices to mitigate these risks effectively.
Affected: myREX24, myREX24.virtual, mbCONNECT24, mbNET, and similar product lines
Keypoints :
- Critical vulnerabilities tracked as CVE-2024-23943 (CVSS 9.1) and CVE-2024-23942 (CVSS 7.1) identified.
- Unauthenticated remote attackers can access the cloud API, risking complete loss of confidentiality and integrity.
- Immediate updates to the latest versions (2.16.2 for certain products, 8.2.0 for others) are recommended to mitigate risks.