Vulnerabilites related to mbconnectline - mymbconnect24
CVE-2020-35561 (GCVE-0-2020-35561)
Vulnerability from cvelistv5
Published
2021-02-16 15:49
Modified
2024-09-16 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
},
"title": "SSRF in variuos products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35561",
"STATE": "PUBLIC",
"TITLE": "SSRF in variuos products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35561",
"datePublished": "2021-02-16T15:49:45.850093Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T18:08:12.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12530 (GCVE-0-2020-12530)
Vulnerability from cvelistv5
Published
2021-03-02 21:15
Modified
2024-09-16 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mymbCONNECT24 |
Version: 2.6.2 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T21:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12530",
"datePublished": "2021-03-02T21:15:25.258645Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T19:55:41.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10381 (GCVE-0-2020-10381)
Vulnerability from cvelistv5
Published
2020-04-14 16:48
Modified
2024-08-04 10:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.476Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:02:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10381",
"datePublished": "2020-04-14T16:48:27",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-08-04T10:58:40.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10383 (GCVE-0-2020-10383)
Vulnerability from cvelistv5
Published
2020-04-14 17:00
Modified
2024-08-04 10:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:12:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10383",
"datePublished": "2020-04-14T17:00:42",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-08-04T10:58:40.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24568 (GCVE-0-2020-24568)
Vulnerability from cvelistv5
Published
2020-10-02 18:19
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:20:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24568",
"datePublished": "2020-10-02T18:19:43",
"dateReserved": "2020-08-21T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4834 (GCVE-0-2023-4834)
Vulnerability from cvelistv5
Published
2023-10-16 08:40
Modified
2024-09-16 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Lion Europe | mbCONNECT24 |
Version: 0 ≤ 2.14.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-041"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-043"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4834",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T18:16:53.810599Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:17:07.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.14.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2023-10-16T08:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIn \u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003eRed Lion Europe\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003embCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u0026nbsp;\u003c/span\u003eimproperly implemented access validation \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows an authenticated, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elow privileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;attacker to gain read access to limited, non-critical device information in his account he should not have access to.\u003c/span\u003e\n\u003c/p\u003e\n\t\t\t\t\t\u003c/div\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
}
],
"value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T08:59:23.795Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-041"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-043"
}
],
"source": {
"defect": [
"CERT@VDE#64587"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-4834",
"datePublished": "2023-10-16T08:40:13.064Z",
"dateReserved": "2023-09-08T07:54:38.764Z",
"dateUpdated": "2024-09-16T18:17:07.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22520 (GCVE-0-2022-22520)
Vulnerability from cvelistv5
Published
2022-09-14 14:05
Modified
2024-09-17 04:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Response Discrepancy Information Exposure
Summary
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mymbCONNECT24 |
Version: 2 < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:14:55.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-011"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Version 2.12.1"
}
],
"source": {
"advisory": "VDE-2022-011",
"discovery": "EXTERNAL"
},
"title": "User enumeration vulnerability in MB connect line and Helmholz products",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2022-22520",
"STATE": "PUBLIC",
"TITLE": "User enumeration vulnerability in MB connect line and Helmholz products"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
},
{
"product": {
"product_data": [
{
"product_name": "myREX24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "Helmholz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204 Response Discrepancy Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-011",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-011"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Version 2.12.1"
}
],
"source": {
"advisory": "VDE-2022-011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2022-22520",
"datePublished": "2022-09-14T14:05:30.024889Z",
"dateReserved": "2022-01-03T00:00:00",
"dateUpdated": "2024-09-17T04:14:21.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12529 (GCVE-0-2020-12529)
Vulnerability from cvelistv5
Published
2021-03-02 21:15
Modified
2024-09-16 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mymbCONNECT24 |
Version: 2.6.2 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T21:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12529",
"datePublished": "2021-03-02T21:15:25.155141Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T20:42:49.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34574 (GCVE-0-2021-34574)
Vulnerability from cvelistv5
Published
2021-08-02 10:24
Modified
2024-09-16 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-669 - Incorrect Resource Transfer Between Spheres
Summary
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mymbCONNECT24 |
Version: 2 < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line."
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:29",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
},
"title": "Password policy evasion in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2021-34574",
"STATE": "PUBLIC",
"TITLE": "Password policy evasion in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
},
{
"product": {
"product_data": [
{
"product_name": "myREX24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "Helmholz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-669 Incorrect Resource Transfer Between Spheres"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-030",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.12.1"
}
],
"source": {
"advisory": "VDE-2021-030, VDE-2022-039",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34574",
"datePublished": "2021-08-02T10:24:31.932350Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T18:14:15.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35567 (GCVE-0-2020-35567)
Vulnerability from cvelistv5
Published
2021-02-16 15:45
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:45:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35567",
"datePublished": "2021-02-16T15:45:56",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35564 (GCVE-0-2020-35564)
Vulnerability from cvelistv5
Published
2021-02-16 15:35
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:35:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35564",
"datePublished": "2021-02-16T15:35:21",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35563 (GCVE-0-2020-35563)
Vulnerability from cvelistv5
Published
2021-02-16 15:30
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:30:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35563",
"datePublished": "2021-02-16T15:30:20",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24570 (GCVE-0-2020-24570)
Vulnerability from cvelistv5
Published
2020-09-29 19:44
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:08.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:24:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24570",
"datePublished": "2020-09-29T19:44:26",
"dateReserved": "2020-08-21T00:00:00",
"dateUpdated": "2024-08-04T15:19:08.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12527 (GCVE-0-2020-12527)
Vulnerability from cvelistv5
Published
2021-03-02 21:15
Modified
2024-09-16 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mymbCONNECT24 |
Version: 2.6.2 < |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.11.2",
"status": "affected",
"version": "2",
"versionType": "custom"
}
]
},
{
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"status": "affected",
"version": "2.11.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-16T06:10:07",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
},
"title": "Improper Access Validation in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2022-09-07T12:50:00.000Z",
"ID": "CVE-2020-12527",
"STATE": "PUBLIC",
"TITLE": "Improper Access Validation in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
},
{
"product": {
"product_data": [
{
"product_name": "myREX24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2",
"version_value": "2.11.2"
}
]
}
},
{
"product_name": "myREX24.virtual",
"version": {
"version_data": [
{
"version_name": "2",
"version_value": "2.11.2"
}
]
}
}
]
},
"vendor_name": "Helmholz"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12527",
"datePublished": "2021-03-02T21:15:24.885533Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T20:43:07.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35570 (GCVE-0-2020-35570)
Vulnerability from cvelistv5
Published
2021-02-16 15:23
Modified
2024-09-16 19:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Foreced Browsing vulnerability in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35570",
"STATE": "PUBLIC",
"TITLE": "Foreced Browsing vulnerability in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35570",
"datePublished": "2021-02-16T15:23:53.959468Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T19:51:23.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10384 (GCVE-0-2020-10384)
Vulnerability from cvelistv5
Published
2020-04-14 17:08
Modified
2024-08-04 10:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T16:31:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10384",
"datePublished": "2020-04-14T17:08:21",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-08-04T10:58:40.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35568 (GCVE-0-2020-35568)
Vulnerability from cvelistv5
Published
2021-02-16 15:44
Modified
2024-09-17 03:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Sensitive Information Exposure in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35568",
"STATE": "PUBLIC",
"TITLE": "Sensitive Information Exposure in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to 2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35568",
"datePublished": "2021-02-16T15:44:10.164584Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-17T03:48:34.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35569 (GCVE-0-2020-35569)
Vulnerability from cvelistv5
Published
2021-02-16 15:37
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:37:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35569",
"datePublished": "2021-02-16T15:37:53",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10382 (GCVE-0-2020-10382)
Vulnerability from cvelistv5
Published
2020-04-14 16:53
Modified
2024-08-04 10:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:11:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10382",
"datePublished": "2020-04-14T16:53:12",
"dateReserved": "2020-03-10T00:00:00",
"dateUpdated": "2024-08-04T10:58:40.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35566 (GCVE-0-2020-35566)
Vulnerability from cvelistv5
Published
2021-02-16 15:40
Modified
2024-09-16 22:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local file inclusion vulnerability in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35566",
"STATE": "PUBLIC",
"TITLE": "Local file inclusion vulnerability in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35566",
"datePublished": "2021-02-16T15:40:07.656065Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T22:31:00.471Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35559 (GCVE-0-2020-35559)
Vulnerability from cvelistv5
Published
2021-02-16 15:42
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.127Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:42:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35559",
"datePublished": "2021-02-16T15:42:20",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45273 (GCVE-0-2024-45273)
Vulnerability from cvelistv5
Published
2024-10-15 10:27
Modified
2024-10-16 17:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-261 - Weak Encoding for Password
Summary
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mbNET.mini |
Version: 0.0.0 ≤ 2.2.13 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet.mini",
"vendor": "mb_connect_line",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_mbnet.rokey",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbnet_hw1",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbspider",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.6.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mymbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex100",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex_200",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex250",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24_v2",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24.virtual",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "rex300",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45273",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T18:22:26.955543Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:31:20.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-16T17:47:04.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET.mini",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.2.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET/mbNET.rokey",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET HW1",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbSPIDER",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.5",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX100",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.2.13",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX200/250",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 8.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24 V2",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX300",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "\u003c= 5.1.11",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Moritz Abrell"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "SySS GmbH"
}
],
"datePublic": "2024-10-15T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
}
],
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-261",
"description": "CWE-261: Weak Encoding for Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T10:27:52.208Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-066"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
],
"source": {
"advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641679",
"CERT@VDE#641695",
"CERT@VDE#641692",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line/Helmholz: Weak encryption of configuration file",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-45273",
"datePublished": "2024-10-15T10:27:52.208Z",
"dateReserved": "2024-08-26T09:19:01.266Z",
"dateUpdated": "2024-10-16T17:47:04.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35558 (GCVE-0-2020-35558)
Vulnerability from cvelistv5
Published
2021-02-16 15:26
Modified
2024-09-16 20:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:24",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SSRF in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35558",
"STATE": "PUBLIC",
"TITLE": "SSRF in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35558",
"datePublished": "2021-02-16T15:26:11.394978Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T20:02:23.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0985 (GCVE-0-2023-0985)
Vulnerability from cvelistv5
Published
2023-06-06 10:06
Modified
2025-01-07 19:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | MB Connect Line | mbCONNECT24 |
Version: 1.0.0 ≤ 2.13.3 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:45.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0985",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T19:19:39.189272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T19:20:21.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Hussein Alsharafi"
}
],
"datePublic": "2023-05-15T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u0026nbsp;mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u0026lt;= 2.13.3.\u0026nbsp;An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
}
],
"value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u003c= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-06T10:06:48.102Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
}
],
"source": {
"advisory": "VDE-2023-002",
"defect": [
"CERT@VDE#64404"
],
"discovery": "UNKNOWN"
},
"title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-0985",
"datePublished": "2023-06-06T10:06:48.102Z",
"dateReserved": "2023-02-23T14:11:49.473Z",
"dateUpdated": "2025-01-07T19:20:21.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12528 (GCVE-0-2020-12528)
Vulnerability from cvelistv5
Published
2021-03-02 21:15
Modified
2024-09-16 20:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mymbCONNECT24 |
Version: 2.6.2 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:56:52.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.6.2",
"status": "affected",
"version": "2.6.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T21:15:25",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-02-15T13:50:00.000Z",
"ID": "CVE-2020-12528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.6.2",
"version_value": "2.6.2"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.7.1"
}
],
"source": {
"advisory": "VDE-2021-003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2020-12528",
"datePublished": "2021-03-02T21:15:25.048098Z",
"dateReserved": "2020-04-30T00:00:00",
"dateUpdated": "2024-09-16T20:37:38.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35560 (GCVE-0-2020-35560)
Vulnerability from cvelistv5
Published
2021-02-16 15:28
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:28:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35560",
"datePublished": "2021-02-16T15:28:01",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35557 (GCVE-0-2020-35557)
Vulnerability from cvelistv5
Published
2021-02-16 15:16
Modified
2024-09-16 17:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2022-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-14T14:05:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Improper Access Validation in products of MB connect line and Helmholz",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
"ID": "CVE-2020-35557",
"STATE": "PUBLIC",
"TITLE": "Improper Access Validation in products of MB connect line and Helmholz"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-003",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"name": "https://cert.vde.com/en/advisories/VDE-2022-039",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to v2.12.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35557",
"datePublished": "2021-02-16T15:16:06.296170Z",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-09-16T17:42:40.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1779 (GCVE-0-2023-1779)
Vulnerability from cvelistv5
Published
2023-06-06 10:07
Modified
2025-01-07 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | MB Connect Line | mbCONNECT24 |
Version: 1.0.0 ≤ 2.13.3 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:57:25.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1779",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T19:17:38.403913Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T19:19:11.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB Connect Line",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.13.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Helmholz GmbH \u0026 Co. KG"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u0026nbsp;in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u0026lt;=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
}
],
"value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u00a0in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u003c=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T05:30:25.424Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
}
],
"source": {
"advisory": "VDE-2023-002",
"defect": [
"CERT@VDE#64404"
],
"discovery": "UNKNOWN"
},
"title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-1779",
"datePublished": "2023-06-06T10:07:35.354Z",
"dateReserved": "2023-03-31T13:00:50.757Z",
"dateUpdated": "2025-01-07T19:19:11.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35565 (GCVE-0-2020-35565)
Vulnerability from cvelistv5
Published
2021-02-16 15:47
Modified
2024-08-04 17:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:13.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-16T15:47:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "MISC",
"url": "https://mbconnectline.com/security-advice/"
},
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-003",
"refsource": "MISC",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35565",
"datePublished": "2021-02-16T15:47:27",
"dateReserved": "2020-12-18T00:00:00",
"dateUpdated": "2024-08-04T17:09:13.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34575 (GCVE-0-2021-34575)
Vulnerability from cvelistv5
Published
2021-08-02 10:24
Modified
2024-09-16 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-203 - Information Exposure Through Discrepancy
Summary
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mymbCONNECT24 |
Version: 2.8.0 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.8.0",
"status": "affected",
"version": "2.8.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-07-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:24:32",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.9.0"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
},
"title": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
"ID": "CVE-2021-34575",
"STATE": "PUBLIC",
"TITLE": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.8.0",
"version_value": "2.8.0"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.8.0",
"version_value": "2.8.0"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-203 Information Exposure Through Discrepancy"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/de-de/advisories/vde-2021-030",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.9.0"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34575",
"datePublished": "2021-08-02T10:24:32.820190Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-16T22:46:43.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45272 (GCVE-0-2024-45272)
Vulnerability from cvelistv5
Published
2024-10-15 10:27
Modified
2024-10-16 17:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1391 - Use of Weak Credentials
Summary
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mbCONNECT24 |
Version: 0.0.0 ≤ 2.16.2 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "mymbconnect24",
"vendor": "mbconnectline",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24_v2",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "myrex24.virtual",
"vendor": "helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T13:40:14.338031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T13:43:55.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-16T17:36:22.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24 V2",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "myREX24.virtual",
"vendor": "Helmholz",
"versions": [
{
"lessThanOrEqual": "2.16.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Moritz Abrell"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "SySS GmbH"
}
],
"datePublic": "2024-10-15T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T10:27:32.688Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
}
],
"source": {
"advisory": "VDE-2024-068, VDE-2024-069",
"defect": [
"CERT@VDE#641695",
"CERT@VDE#641696"
],
"discovery": "UNKNOWN"
},
"title": "MB connect line/Helmholz: Generation of weak passwords vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-45272",
"datePublished": "2024-10-15T10:27:32.688Z",
"dateReserved": "2024-08-26T09:19:01.266Z",
"dateUpdated": "2024-10-16T17:36:22.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34580 (GCVE-0-2021-34580)
Vulnerability from cvelistv5
Published
2021-10-27 10:25
Modified
2024-09-17 01:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Response Discrepancy Information Exposure
Summary
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | MB connect line | mymbCONNECT24 |
Version: 2.9.0 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:46.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.9.0",
"status": "affected",
"version": "2.9.0",
"versionType": "custom"
}
]
},
{
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.9.0",
"status": "affected",
"version": "2.9.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated."
}
],
"datePublic": "2021-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Response Discrepancy Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T10:25:09",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.10.1"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
},
"title": "Remote user enumeration in mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "info@cert.vde.com",
"DATE_PUBLIC": "2021-10-27T10:00:00.000Z",
"ID": "CVE-2021-34580",
"STATE": "PUBLIC",
"TITLE": "Remote user enumeration in mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mymbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.9.0",
"version_value": "2.9.0"
}
]
}
},
{
"product_name": "mbCONNECT24",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "2.9.0",
"version_value": "2.9.0"
}
]
}
}
]
},
"vendor_name": "MB connect line"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-204 Response Discrepancy Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert.vde.com/en/advisories/VDE-2021-037/",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.10.1"
}
],
"source": {
"advisory": "VDE-2021-030",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-34580",
"datePublished": "2021-10-27T10:25:09.307226Z",
"dateReserved": "2021-06-10T00:00:00",
"dateUpdated": "2024-09-17T01:41:24.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24569 (GCVE-0-2020-24569)
Vulnerability from cvelistv5
Published
2020-09-29 19:39
Modified
2024-08-04 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:08.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-02T18:23:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mbconnectline.com/security-advice/",
"refsource": "CONFIRM",
"url": "https://mbconnectline.com/security-advice/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24569",
"datePublished": "2020-09-29T19:39:40",
"dateReserved": "2020-08-21T00:00:00",
"dateUpdated": "2024-08-04T15:19:08.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2.\u0026#xa0;Existe un componente obsoleto y sin uso que permite la entrada de c\u00f3digo activo por parte de usuarios maliciosos"
}
],
"id": "CVE-2020-35564",
"lastModified": "2024-11-21T05:27:35.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-15 11:15
Modified
2024-11-21 09:37
Severity ?
Summary
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24_v2_virtual_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D5B73E2-38BA-415D-96AF-D0F835E3C9BC",
"versionEndExcluding": "2.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:helmholz:rex_300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05CB17C2-1B86-41AA-8737-718BA9464BB0",
"versionEndIncluding": "5.1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:helmholz:rex_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB65F958-3FF4-48A7-8007-406A7FDBA0E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE10F9E9-A0EE-4CF1-9F4B-6AF4179ED03E",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67ECB608-F99D-479C-95CC-349DCB530D98",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53454815-3E7A-4097-8FC7-2F7634DAF7E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F017673-3A54-4D92-811F-AE395CCED7CF",
"versionEndExcluding": "2.16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18BC8E52-E277-4D72-903A-A31FC658B6E2",
"versionEndExcluding": "2.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "188A4550-AE25-459E-9624-97090842230B",
"versionEndIncluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABBF6FE-BF26-43B2-B54C-6ECE4234B3C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAEA6C5-27F5-4BA5-BEB4-DD2EDE66F877",
"versionEndIncluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED665544-6D67-465A-8850-6FD7A44D9E6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E41557B9-9BE2-4286-A1FE-88CDAD14B824",
"versionEndIncluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63B499C3-0C59-488D-89E7-2CBEEA42E1E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75321482-BFC4-4D37-AF03-9212AE6028A7",
"versionEndIncluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B74973FF-4DC9-4076-A161-28EC0A5F5E6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7470E3A2-72C5-4743-ABC2-14FB4C9F02D8",
"versionEndIncluding": "5.1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbnet_hw1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83E49632-8868-4BF8-A86D-E7F10130B378",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbnet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40166B67-481E-4B36-BBD8-4F5721B75B9E",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbnet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8CB051-1E1A-4014-9FB2-4473AC4CEE30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE59454-A9F9-44BE-8B06-9A631332A4E9",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbnet.rokey:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7B6E4C-1AC2-4CD8-A056-2EF8845622CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost."
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede realizar un ataque de fuerza bruta a las credenciales del portal de servicio remoto con una alta probabilidad de \u00e9xito, lo que da como resultado la p\u00e9rdida de la conexi\u00f3n."
}
],
"id": "CVE-2024-45272",
"lastModified": "2024-11-21T09:37:35.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2024-10-15T11:15:11.673",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1391"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2 permite a un usuario conectado ver dispositivos en la cuenta a la que no deber\u00eda tener acceso debido al uso incorrecto de la validaci\u00f3n de acceso"
}
],
"id": "CVE-2020-35557",
"lastModified": "2024-11-21T05:27:33.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.050",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 09:15
Modified
2024-11-21 08:36
Severity ?
Summary
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2023-041 | Third Party Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2023-043 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2023-041 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2023-043 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * | |
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B75F1E4-3DFA-4163-A9C7-8CF5C9A78562",
"versionEndIncluding": "2.14.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "885E9E11-89FE-468F-8160-EC3B21E6CA77",
"versionEndIncluding": "2.14.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2029F9FB-397A-490D-A86F-B2B39C516A79",
"versionEndIncluding": "2.14.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F77AC2B-5B57-4CFF-A4F1-AA8E6B1B8C3B",
"versionEndIncluding": "2.14.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
},
{
"lang": "es",
"value": "En Red Lion Europe mbCONNECT24 y mymbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versi\u00f3n 2.14.2 incluida, una validaci\u00f3n de acceso implementada incorrectamente permite a un atacante autenticado y con pocos privilegios obtener acceso de lectura a informaci\u00f3n limitada y no cr\u00edtica del dispositivo a la que no deber\u00eda tener acceso en su cuenta."
}
],
"id": "CVE-2023-4834",
"lastModified": "2024-11-21T08:36:04.223",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2023-10-16T09:15:11.830",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-041"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-043"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2.\u0026#xa0;La detecci\u00f3n de fuerza bruta de las p\u00e1ginas de inicio de sesi\u00f3n est\u00e1 deshabilitada por defecto"
}
],
"id": "CVE-2020-35565",
"lastModified": "2024-11-21T05:27:35.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.503",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2.\u0026#xa0;Se presenta un problema de tipo auto XSS con una cookie dise\u00f1ada en la p\u00e1gina de inicio de sesi\u00f3n"
}
],
"id": "CVE-2020-35569",
"lastModified": "2024-11-21T05:27:36.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 05:15
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AD8797-E4EC-4740-997B-8544E40A69BC",
"versionEndIncluding": "2.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64885B25-1389-40BA-830A-260ADFE66C8A",
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.1.\u0026#xa0;Se presenta una inyecci\u00f3n SQL ciega en el componente knximport por medio de un vector de ataque avanzado, permitiendo a atacantes registrados detectar informaci\u00f3n arbitraria"
}
],
"id": "CVE-2020-24569",
"lastModified": "2024-11-21T05:15:00.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-30T18:15:25.053",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2.\u0026#xa0;Se presenta un filtro de XSS incompleto que permite a un atacante inyectar c\u00f3digo malicioso dise\u00f1ado en la p\u00e1gina"
}
],
"id": "CVE-2020-35563",
"lastModified": "2024-11-21T05:27:34.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-06 11:15
Modified
2024-11-21 07:39
Severity ?
Summary
Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2023-008/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2023-008/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC21EC6-52DA-47D9-AC27-9D1707B71467",
"versionEndIncluding": "2.13.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70123597-DE04-4807-952D-F9CFC9805A34",
"versionEndIncluding": "2.13.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u00a0in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u003c=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
}
],
"id": "CVE-2023-1779",
"lastModified": "2024-11-21T07:39:53.470",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2023-06-06T11:15:09.913",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-02 22:15
Modified
2024-11-21 04:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en la l\u00ednea de conexi\u00f3n MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2. Una validaci\u00f3n de acceso inadecuada permite a un usuario conectado apagar o reiniciar los dispositivos de su cuenta sin tener los permisos correspondientes"
}
],
"id": "CVE-2020-12527",
"lastModified": "2024-11-21T04:59:52.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-03-02T22:15:12.387",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en la l\u00ednea de conexi\u00f3n MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versi\u00f3n 2.11.2. Un atacante no autenticado es capaz de acceder a archivos (que deber\u00edan haber sido restringidos) a trav\u00e9s de la navegaci\u00f3n forzada."
}
],
"id": "CVE-2020-35570",
"lastModified": "2024-11-21T05:27:36.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-425"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-09-14 14:15
Modified
2024-11-21 06:46
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-011 | Third Party Advisory, VDB Entry | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-039 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-011 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Not Applicable |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
},
{
"lang": "es",
"value": "Un atacante remoto no autenticado puede enumerar usuarios v\u00e1lidos mediante el env\u00edo de peticiones espec\u00edficas al webservice de la l\u00ednea de conexi\u00f3n MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta v2.11.2"
}
],
"id": "CVE-2022-22520",
"lastModified": "2024-11-21T06:46:56.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-09-14T14:15:12.427",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-011"
},
{
"source": "info@cert.vde.com",
"tags": [
"Not Applicable"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2.\u0026#xa0;El software usa una contrase\u00f1a segura para el acceso a la base de datos, pero esta contrase\u00f1a es compartida entre instancias"
}
],
"id": "CVE-2020-35567",
"lastModified": "2024-11-21T05:27:35.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-02 22:15
Modified
2024-11-21 04:59
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el software MB connect line mymbCONNECT24 y mbCONNECT24 en todas las versiones hasta la versi\u00f3n V2.6.2. Se presenta un problema de tipo SSRF en la comprobaci\u00f3n de acceso LDAP, lo que permite a un atacante escanear puertos abiertos"
}
],
"id": "CVE-2020-12529",
"lastModified": "2024-11-21T04:59:52.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-02T22:15:12.573",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2.\u0026#xa0;Se presenta un redireccionamiento abierto no autenticado en el archivo redirect.php"
}
],
"id": "CVE-2020-35560",
"lastModified": "2024-11-21T05:27:34.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.253",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-14 18:15
Modified
2024-11-21 04:55
Severity ?
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AD8797-E4EC-4740-997B-8544E40A69BC",
"versionEndIncluding": "2.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64885B25-1389-40BA-830A-260ADFE66C8A",
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. There is a local privilege escalation from the www-data account to the root account."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los software MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 en todas las versiones hasta 2.6.1. Se presenta una escalada de privilegios locales de la cuenta www-data a la cuenta root"
}
],
"id": "CVE-2020-10384",
"lastModified": "2024-11-21T04:55:11.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-14T18:15:12.733",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-02 11:15
Modified
2024-11-21 06:10
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-030 | Third Party Advisory | |
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-030 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
},
{
"lang": "es",
"value": "En MB connect line mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2 un atacante autenticado puede cambiar la contrase\u00f1a de su cuenta por una nueva que viole la pol\u00edtica de contrase\u00f1as interceptando y modificando la petici\u00f3n que se env\u00eda al servidor."
}
],
"id": "CVE-2021-34574",
"lastModified": "2024-11-21T06:10:43.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-08-02T11:15:11.350",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-669"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-669"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-02 22:15
Modified
2024-11-21 04:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. Improper use of access validation allows a logged in user to kill web2go sessions in the account he should not have access to."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el software MB connect line mymbCONNECT24 y mbCONNECT24 en todas las versiones hasta la V2.6.2.\u0026#xa0;El uso inapropiado de la comprobaci\u00f3n de acceso permite que un usuario que haya iniciado sesi\u00f3n elimine las sesiones de web2go en la cuenta a la que no deber\u00eda tener acceso"
}
],
"id": "CVE-2020-12528",
"lastModified": "2024-11-21T04:59:52.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-02T22:15:12.480",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en la l\u00ednea de conexi\u00f3n MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2. Un atacante puede leer archivos JSON arbitrarios a trav\u00e9s de la inclusi\u00f3n de archivos locales."
}
],
"id": "CVE-2020-35566",
"lastModified": "2024-11-21T05:27:35.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.567",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-706"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.2.\u0026#xa0;Existe una funci\u00f3n en desuso que permite a un atacante autenticado usar todas las direcciones IP disponibles de una cuenta y, por lo tanto, no permite la creaci\u00f3n de nuevos dispositivos y usuarios"
}
],
"id": "CVE-2020-35559",
"lastModified": "2024-11-21T05:27:34.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-10-02 19:15
Modified
2024-11-21 05:15
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AD8797-E4EC-4740-997B-8544E40A69BC",
"versionEndIncluding": "2.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64885B25-1389-40BA-830A-260ADFE66C8A",
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.1.\u0026#xa0;Se presenta una inyecci\u00f3n SQL ciega en el componente lancompenent, lo que permite a atacantes que han iniciado sesi\u00f3n detectar informaci\u00f3n arbitraria"
}
],
"id": "CVE-2020-24568",
"lastModified": "2024-11-21T05:15:00.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-02T19:15:13.477",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-27 11:15
Modified
2024-11-21 06:10
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2021-037/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-037/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6FA138E-7298-488C-91CB-27A3AE49AA3C",
"versionEndIncluding": "2.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6149BB15-4765-4412-A071-C7880A52E3B3",
"versionEndIncluding": "2.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
},
{
"lang": "es",
"value": "En mymbCONNECT24, mbCONNECT24 versiones anteriores a 2.9.0 incluy\u00e9ndola, un usuario no autenticado puede enumerar los usuarios v\u00e1lidos del backend al comprobar qu\u00e9 tipo de respuesta env\u00eda el servidor para los intentos de inicio de sesi\u00f3n no v\u00e1lidos dise\u00f1ados"
}
],
"id": "CVE-2021-34580",
"lastModified": "2024-11-21T06:10:44.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-27T11:15:07.553",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en la l\u00ednea de conexi\u00f3n MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2. Un filtro incompleto aplicado a una respuesta de la base de datos permite a un atacante autenticado obtener informaci\u00f3n no p\u00fablica sobre otros usuarios y dispositivos de la cuenta.\n"
}
],
"id": "CVE-2020-35568",
"lastModified": "2024-11-21T05:27:35.817",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-15 11:15
Modified
2024-11-21 09:37
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbnet.mini_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E80D53-0907-45AF-A03B-A093C5CEA33B",
"versionEndExcluding": "2.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbnet.mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1D1B769-DA91-4F0C-AD34-D735B7A8B8FF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24_v2_virtual_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D5B73E2-38BA-415D-96AF-D0F835E3C9BC",
"versionEndExcluding": "2.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:helmholz:rex_300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05CB17C2-1B86-41AA-8737-718BA9464BB0",
"versionEndIncluding": "5.1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:helmholz:rex_300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB65F958-3FF4-48A7-8007-406A7FDBA0E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE10F9E9-A0EE-4CF1-9F4B-6AF4179ED03E",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67ECB608-F99D-479C-95CC-349DCB530D98",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53454815-3E7A-4097-8FC7-2F7634DAF7E1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:helmholz:rex_100_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F226166A-1261-43F9-81EC-E1C0FC9CB6E6",
"versionEndExcluding": "2.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:helmholz:rex_100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7E8BE39-3C4A-484A-A34D-3CB4B46E41FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9F017673-3A54-4D92-811F-AE395CCED7CF",
"versionEndExcluding": "2.16.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18BC8E52-E277-4D72-903A-A31FC658B6E2",
"versionEndExcluding": "2.16.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "188A4550-AE25-459E-9624-97090842230B",
"versionEndIncluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ABBF6FE-BF26-43B2-B54C-6ECE4234B3C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_915_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CAEA6C5-27F5-4BA5-BEB4-DD2EDE66F877",
"versionEndIncluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED665544-6D67-465A-8850-6FD7A44D9E6F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_906_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E41557B9-9BE2-4286-A1FE-88CDAD14B824",
"versionEndIncluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_906:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63B499C3-0C59-488D-89E7-2CBEEA42E1E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbspider_mdh_916_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75321482-BFC4-4D37-AF03-9212AE6028A7",
"versionEndIncluding": "2.6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbspider_mdh_916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B74973FF-4DC9-4076-A161-28EC0A5F5E6D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbnet_hw1_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7470E3A2-72C5-4743-ABC2-14FB4C9F02D8",
"versionEndIncluding": "5.1.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbnet_hw1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83E49632-8868-4BF8-A86D-E7F10130B378",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbnet_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40166B67-481E-4B36-BBD8-4F5721B75B9E",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbnet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D8CB051-1E1A-4014-9FB2-4473AC4CEE30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mbconnectline:mbnet.rokey_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE59454-A9F9-44BE-8B06-9A631332A4E9",
"versionEndExcluding": "8.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:mbconnectline:mbnet.rokey:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7B6E4C-1AC2-4CD8-A056-2EF8845622CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
},
{
"lang": "es",
"value": "Un atacante local no autenticado puede descifrar el archivo de configuraci\u00f3n del dispositivo y, por lo tanto, comprometer el dispositivo debido a una implementaci\u00f3n d\u00e9bil del cifrado utilizado."
}
],
"id": "CVE-2024-45273",
"lastModified": "2024-11-21T09:37:35.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-15T11:15:11.940",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-056"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-066"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-068"
},
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2024-069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-261"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-326"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-02 22:15
Modified
2024-11-21 04:59
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-003 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD64D150-3FCD-4973-88EB-FDCBBC39BB4C",
"versionEndIncluding": "2.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA4DEB0-F344-4B04-8BFD-1D405D0CED23",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el software MB connect line mymbCONNECT24 y mbCONNECT24, en todas las versiones hasta la V2.6.2.\u0026#xa0;Se presenta un problema de tipo XSS en el archivo redirect.php que permite a un atacante inyectar c\u00f3digo por medio de un par\u00e1metro get"
}
],
"id": "CVE-2020-12530",
"lastModified": "2024-11-21T04:59:52.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-02T22:15:12.667",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-003"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-14 17:15
Modified
2024-11-21 04:55
Severity ?
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEC0969-3731-43F5-9F29-67060E651D1A",
"versionEndIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "649AF958-3C9F-4937-A5D8-AA2827B080B6",
"versionEndIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los software MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 en todas las versiones hasta 2.5.0. Se presenta una ejecuci\u00f3n de c\u00f3digo remota no autenticada en el m\u00f3dulo com_mb24sysapi."
}
],
"id": "CVE-2020-10383",
"lastModified": "2024-11-21T04:55:11.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-14T17:15:12.043",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en la l\u00ednea de conexi\u00f3n MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versi\u00f3n 2.11.2. Hay un SSRF en la en la comprobaci\u00f3n de acceso a MySQL, lo que permite a un atacante escanear los puertos abiertos y obtener alguna informaci\u00f3n sobre posibles credenciales"
}
],
"id": "CVE-2020-35558",
"lastModified": "2024-11-21T05:27:34.173",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.113",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-02 11:15
Modified
2024-11-21 06:10
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/de-de/advisories/vde-2021-030 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/de-de/advisories/vde-2021-030 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CDED8162-6FEE-4FDD-BFFC-93DDCE1CA011",
"versionEndIncluding": "2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29848C2B-8AE1-4D89-B9C6-A586C591D40A",
"versionEndIncluding": "2.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
},
{
"lang": "es",
"value": "En MB connect line mymbCONNECT24, mbCONNECT24 versiones anteriores a 2.8.0 incluy\u00e9ndolas, un usuario no autenticado puede enumerar usuarios v\u00e1lidos al comprobar qu\u00e9 tipo de respuesta env\u00eda el servidor"
}
],
"id": "CVE-2021-34575",
"lastModified": "2024-11-21T06:10:44.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-02T11:15:11.417",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "info@cert.vde.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-14 17:15
Modified
2024-11-21 04:55
Severity ?
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEC0969-3731-43F5-9F29-67060E651D1A",
"versionEndIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "649AF958-3C9F-4937-A5D8-AA2827B080B6",
"versionEndIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated SQL injection in DATA24, allowing attackers to discover database and table names."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los software MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 en todas las versiones hasta 2.5.0. Se presenta una inyecci\u00f3n SQL no autenticada en DATA24, permitiendo a atacantes detectar nombres de bases de datos y tablas."
}
],
"id": "CVE-2020-10381",
"lastModified": "2024-11-21T04:55:11.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-14T17:15:11.933",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-02-16 16:15
Modified
2024-11-21 05:27
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| cve@mitre.org | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * | |
| helmholz | myrex24 | * | |
| helmholz | myrex24.virtual | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0",
"versionEndIncluding": "2.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64",
"versionEndIncluding": "2.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en la l\u00ednea de conexi\u00f3n MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2. Existe un SSRF en el m\u00f3dulo HA que permite a un atacante no autentificado escanear puertos abiertos."
}
],
"id": "CVE-2020-35561",
"lastModified": "2024-11-21T05:27:34.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-16T16:15:13.317",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2021-003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2022-039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-06 11:15
Modified
2024-11-21 07:38
Severity ?
Summary
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| info@cert.vde.com | https://cert.vde.com/en/advisories/VDE-2023-002/ | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert.vde.com/en/advisories/VDE-2023-002/ | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC21EC6-52DA-47D9-AC27-9D1707B71467",
"versionEndIncluding": "2.13.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70123597-DE04-4807-952D-F9CFC9805A34",
"versionEndIncluding": "2.13.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u003c= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
}
],
"id": "CVE-2023-0985",
"lastModified": "2024-11-21T07:38:14.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2023-06-06T11:15:09.093",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 05:15
Severity ?
Summary
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AD8797-E4EC-4740-997B-8544E40A69BC",
"versionEndIncluding": "2.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64885B25-1389-40BA-830A-260ADFE66C8A",
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 versiones hasta 2.6.1.\u0026#xa0;Se presenta un problema de tipo CSRF (con un SSRF resultante) en el m\u00f3dulo com_mb24proxy, permitiendo a atacantes robar informaci\u00f3n de la sesi\u00f3n de los usuarios que han iniciado sesi\u00f3n con un enlace dise\u00f1ado"
}
],
"id": "CVE-2020-24570",
"lastModified": "2024-11-21T05:15:00.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-30T18:15:25.130",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-14 17:15
Modified
2024-11-21 04:55
Severity ?
Summary
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://mbconnectline.com/security-advice/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mbconnectline.com/security-advice/ | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAEC0969-3731-43F5-9F29-67060E651D1A",
"versionEndIncluding": "2.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "649AF958-3C9F-4937-A5D8-AA2827B080B6",
"versionEndIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en los software MB CONNECT LINE mymbCONNECT24 y mbCONNECT24 en todas las versiones hasta 2.5.0. Se presenta una ejecuci\u00f3n de c\u00f3digo remota autenticada en el planificador de copia de seguridad."
}
],
"id": "CVE-2020-10382",
"lastModified": "2024-11-21T04:55:11.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-14T17:15:11.980",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://mbconnectline.com/security-advice/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}