helmholz CVE Vulnerabilities & Metrics

Focus on helmholz vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About helmholz Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with helmholz. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total helmholz CVEs: 14
Earliest CVE date: 16 Feb 2021, 16:15 UTC
Latest CVE date: 15 Oct 2024, 11:15 UTC

Latest CVE reference: CVE-2024-45276

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 50.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 50.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical helmholz CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 2.77

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	8
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS helmholz CVEs

These are the five CVEs with the highest CVSS scores for helmholz, sorted by severity first and recency.

CVE-2020-12527 helmholz Published on 02 Mar 2021, 22:15 UTC (CVSS: 6.8)
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.
CVE-2020-35570 helmholz Published on 16 Feb 2021, 16:15 UTC (CVSS: 5.0)
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
CVE-2020-35566 helmholz Published on 16 Feb 2021, 16:15 UTC (CVSS: 5.0)
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
CVE-2020-35561 helmholz Published on 16 Feb 2021, 16:15 UTC (CVSS: 5.0)
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
CVE-2020-35558 helmholz Published on 16 Feb 2021, 16:15 UTC (CVSS: 5.0)
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.

All CVEs for helmholz

CVE-2024-45276 helmholz vulnerability CVSS: 0 15 Oct 2024, 11:15 UTC

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.

CVE-2024-45273 helmholz vulnerability CVSS: 0 15 Oct 2024, 11:15 UTC

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

CVE-2024-45272 helmholz vulnerability CVSS: 0 15 Oct 2024, 11:15 UTC

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

CVE-2023-4834 helmholz vulnerability CVSS: 0 16 Oct 2023, 09:15 UTC

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

CVE-2023-34412 helmholz vulnerability CVSS: 0 17 Aug 2023, 14:15 UTC

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

CVE-2022-22520 helmholz vulnerability CVSS: 0 14 Sep 2022, 14:15 UTC

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.

CVE-2021-34574 helmholz vulnerability CVSS: 4.0 02 Aug 2021, 11:15 UTC

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.

CVE-2020-12527 helmholz vulnerability CVSS: 6.8 02 Mar 2021, 22:15 UTC

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.

CVE-2020-35570 helmholz vulnerability CVSS: 5.0 16 Feb 2021, 16:15 UTC

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.

CVE-2020-35568 helmholz vulnerability CVSS: 4.0 16 Feb 2021, 16:15 UTC

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.

CVE-2020-35566 helmholz vulnerability CVSS: 5.0 16 Feb 2021, 16:15 UTC

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.

CVE-2020-35561 helmholz vulnerability CVSS: 5.0 16 Feb 2021, 16:15 UTC

An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.

CVE-2020-35558 helmholz vulnerability CVSS: 5.0 16 Feb 2021, 16:15 UTC

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.

CVE-2020-35557 helmholz vulnerability CVSS: 4.0 16 Feb 2021, 16:15 UTC

An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.