VDE-2024-042

Last update: 17.08.2023 14:00
Published at: 17.08.2023 14:00
Vendor(s): MB connect line GmbH
External ID: VDE-2024-042

Summary
Several Red Lion Europe products are vulnerable to a possible race condition vulnerability in OpenSSH named "regreSSHion".
Impact
Possible full system compromise where an attacker can execute arbitrary code with the highest privileges.
Affected Product(s)
| Product name | Affected versions |
|---|---|
| mbCONNECT24 | <2.16.1 |
| mbNET | 8.0.0<8.2.0 |
| mbNET.rokey | 8.0.0<8.2.0 |
| mymbCONNECT24 | <2.16.1 |
Vulnerabilities
Published: 24.09.2025 12:42
Weakness: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Summary: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Mitigation
Prevent all access to the sshd daemon listening on port 22.
Remediation
Update to the latest firmware:
- 2.16.1 for mbCONNECT24/mymbCONNECT24
- 8.2.0 for mbNET/mbNET.rokey
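The following is an added example, not part of the advisory or any vendor tooling. It triages an asset inventory against the affected-version table and checks whether the mitigation (no access to sshd on port 22) holds from the scanning host. The inventory record layout, the function names and the assumption that firmware versions are dotted integers are illustrative.

```python
import socket

# Affected ranges from the advisory table: (first affected or None, first fixed).
AFFECTED = {
    "mbCONNECT24": (None, (2, 16, 1)),
    "mymbCONNECT24": (None, (2, 16, 1)),
    "mbNET": ((8, 0, 0), (8, 2, 0)),
    "mbNET.rokey": ((8, 0, 0), (8, 2, 0)),
}

def parse_version(text):
    """Turn '2.16.1' into (2, 16, 1); numeric compare keeps 2.9.0 below 2.16.1."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '8.2' to (8, 2, 0)

def is_affected(product, version):
    """True if this firmware version falls inside the advisory's affected range."""
    if product not in AFFECTED:
        raise ValueError(f"product not covered by this advisory: {product}")
    lowest, fixed = AFFECTED[product]
    v = parse_version(version)
    return (lowest is None or v >= lowest) and v < fixed

def ssh_reachable(host, port=22, timeout=2.0):
    """True if a TCP connection to the sshd port succeeds from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(device):
    """Classify one record: dict with product, version, host and optional port."""
    if not is_affected(device["product"], device["version"]):
        return "not affected"
    if ssh_reachable(device["host"], device.get("port", 22)):
        return "affected, sshd reachable"
    return "affected, sshd blocked from here"

if __name__ == "__main__":
    # Constructed inventory; hosts use the RFC 5737 documentation range.
    inventory = [
        {"product": "mbNET", "version": "8.1.4", "host": "192.0.2.10"},
        {"product": "mbCONNECT24", "version": "2.16.1", "host": "192.0.2.20"},
    ]
    for dev in inventory:
        print(dev["product"], dev["version"], "->", triage(dev))
```

A "blocked from here" result only describes the network path from the host running the check, so repeat it from every segment that should not reach the device.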
Acknowledgments
MB connect line GmbH thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com)

Revision History
| Version | Date | Summary | 
|---|---|---|
| 1.0.0 | 17.08.2023 14:00 | Initial revision. |