CVE-2024-23942

Summary

A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.

Affected Software

VendorProductVersion RangeStatus
MB connect linembCONNECT240 < 2.16.2affected
MB connect linembNET0 < 8.2.0affected
MB connect linembNET.rokey0 < 8.2.0affected
MB connect linemymbCONNECT240 < 2.16.2affected

Weaknesses

  • CWE-312: CWE-312 Cleartext Storage of Sensitive Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References