Advisory

Germany’s CERT@VDE reports critical flaws in mbNET.mini and Helmholz industrial routers

Take action: Since these routers are used for VPN access, they are by design visible from the Internet. So it's time to patch - ASAP.



Germany’s CERT@VDE is reporting several critical and high-severity vulnerabilities in industrial routers, affecting the mbNET.mini from MB Connect Line and Helmholz's REX100. Common CVEs are issued for both vendors because of shared codebases.

These routers are widely used as VPN gateways for remote access in industrial environments. The vulnerabilities were discovered by Moritz Abrell of German cybersecurity firm SySS and responsibly disclosed to MB Connect Line's parent company, Red Lion.

Vulnerability summary

  • CVE-2024-45274 (CVSS score 9.8) - Allows unauthenticated remote attackers to execute arbitrary OS commands due to missing authentication.
  • CVE-2024-45275 (CVSS score 9.8) - Enables attackers to fully control the device through hardcoded credentials.

Three other vulnerabilities have been categorized as high-severity. These flaws can lead to privilege escalation and information disclosure:

  • CVE-2024-45271 (CVSS score 8.4)
  • CVE-2024-45273 (CVSS score 8.4)
  • CVE-2024-45276 (CVSS score 8.4)

All three can be exploited without authentication. Two require local access, increasing their exploit complexity.

With physical access (e.g., via a USB stick), attackers could fully compromise the device, install malware, or remotely control it. Network access to exposed services could also allow full device compromise. Attackers who obtain encrypted configurations could decrypt them to retrieve sensitive information like VPN credentials, leading to further attacks on connected industrial systems (e.g., PLCs, neighboring network devices).

MB Connect Line and Helmholz have released patches for the vulnerabilities.

Users are advised to apply firmware updates and disable unnecessary internet exposure.
