CVE-2023-34412 (GCVE-0-2023-34412)
Vulnerability from cvelistv5
Published
2023-08-17 13:07
Modified
2024-08-02 16:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
References
| ► | URL | Tags | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Red Lion Europe | mbNET |
Version: 0 ≤ |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:10:06.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbNET",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mbNET.rokey",
"vendor": "Red Lion Europe",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 200",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "REX 250",
"vendor": "Helmholz",
"versions": [
{
"lessThan": "7.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-16T11:02:33.346Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"
},
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"
}
],
"source": {
"defect": [
"CERT@VDE#64536"
],
"discovery": "UNKNOWN"
},
"title": "Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-34412",
"datePublished": "2023-08-17T13:07:01.697Z",
"dateReserved": "2023-06-05T12:05:57.451Z",
"dateUpdated": "2024-08-02T16:10:06.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-34412\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2023-08-17T14:15:09.700\",\"lastModified\":\"2024-11-21T08:07:11.220\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"18903E70-B902-4182-B41D-666EB8C3B61C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53454815-3E7A-4097-8FC7-2F7634DAF7E1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"66925474-A4F6-4D7C-8163-290761406352\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet.rokey_rkh_210_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"498A9C6F-FCEE-44F9-AC64-8C070E9E31A4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet.rokey_rkh_210:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DBA39B6-4D76-44ED-847F-10B2BA96EB0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet.rokey_rkh_216_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"C2FEA63F-166C-4D08-8F49-8F1962CB97E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet.rokey_rkh_216:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F530332-3BFB-43D3-AD5F-0B4410543BEA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet.rokey_rkh_235_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"35085939-39A2-482B-802F-77313F1CA63D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet.rokey_rkh_235:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"873AEDC5-A8B6-4B76-8A43-A3C6241ABE09\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet.rokey_rkh_259_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"7EF81568-103C-408A-A575-33588BF5903B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet.rokey_rkh_259:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"031FFFE6-9C5F-47D9-8264-CC7C2D256941\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_811_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"EBE73666-D739-4C07-B7B4-31BBC0608C74\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_811:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30C680F1-60C6-43BF-BE62-D9D49A609734\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_850_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"12FBFD60-81BC-4B25-8AC5-E041E57A870E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C293C0F8-EF07-4F19-A7B6-CE5EC170E042\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_871_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"68D51AD3-E614-45C3-8163-9547DCD41FEB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_871:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4347DC3-2035-4328-91CE-3ABA912A3B7D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_831_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"C06DD90C-4E6D-4836-99CA-16A0F0AAE6E1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_831:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A275C2A8-D5B6-4B32-9080-5E41B51B4487\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_855_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"D1997B14-061F-47D6-8FF0-266D316211CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_855:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"055F9937-565E-4103-9E2A-0BB274B1D770\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_876_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"A72C9074-B9A0-4DF9-9262-0937C6B2B3FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_876:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E152B4F0-44A1-45FD-A541-0E039479DC00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_858_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"745A8264-D4A7-4431-83E0-63FA59A8E575\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_858:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0002E5EA-F173-4861-95D9-6996A51F08A0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_816_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"CD074843-119D-4738-8F52-D43B825AA472\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_816:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B61FB21C-AD6B-4BF8-A303-8C0122276B7A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_841_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"EAEF7742-A151-4139-A664-DE482CC1B830\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_841:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1C27B28-A5ED-4C25-B0B9-14D1E89A414B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_859_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"3AC171EC-9196-4DFA-A07F-C4DC8D1037DD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_859:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35427F3B-13D9-42E4-8547-0DC3A2B03662\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redlion:mbnet_mdh_835_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3.2\",\"matchCriteriaId\":\"967284B7-89DE-41E7-AD1F-61F0F3530944\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:redlion:mbnet_mdh_835:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53DA2CB3-9C62-4CE1-8DB8-2E7378D162E4\"}]}]}],\"references\":[{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-012/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-029/\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-012/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.vde.com/en/advisories/VDE-2023-029/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…