Search

Find a vulnerability

Search criteria

    78 vulnerabilities found for mymbconnect24 by mbconnectline

    CVE-2026-33617 (GCVE-0-2026-33617)

    Vulnerability from nvd – Published: 2026-04-02 09:00 – Updated: 2026-04-03 17:21
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint
    Summary
    An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33617",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-03T17:21:45.412589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T17:21:51.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T09:00:17.434Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33617",
        "datePublished": "2026-04-02T09:00:10.713Z",
        "dateReserved": "2026-03-23T13:15:49.382Z",
        "dateUpdated": "2026-04-03T17:21:51.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33616 (GCVE-0-2026-33616)

    Vulnerability from nvd – Published: 2026-04-02 08:59 – Updated: 2026-04-02 13:08
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint
    Summary
    An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T13:08:03.527993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T13:08:18.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:59:55.743Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33616",
        "datePublished": "2026-04-02T08:59:55.743Z",
        "dateReserved": "2026-03-23T13:15:49.382Z",
        "dateUpdated": "2026-04-02T13:08:18.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33615 (GCVE-0-2026-33615)

    Vulnerability from nvd – Published: 2026-04-02 08:59 – Updated: 2026-04-02 14:29
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint
    Summary
    An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33615",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T14:29:33.756162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T14:29:46.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:59:48.843Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33615",
        "datePublished": "2026-04-02T08:59:48.843Z",
        "dateReserved": "2026-03-23T13:15:49.382Z",
        "dateUpdated": "2026-04-02T14:29:46.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33614 (GCVE-0-2026-33614)

    Vulnerability from nvd – Published: 2026-04-02 08:59 – Updated: 2026-04-02 13:30
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint
    Summary
    An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T13:29:54.050449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T13:30:10.029Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:59:40.736Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33614",
        "datePublished": "2026-04-02T08:59:40.736Z",
        "dateReserved": "2026-03-23T13:15:49.381Z",
        "dateUpdated": "2026-04-02T13:30:10.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33613 (GCVE-0-2026-33613)

    Vulnerability from nvd – Published: 2026-04-02 08:59 – Updated: 2026-04-02 13:42
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray
    Summary
    Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33613",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T13:41:33.794559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T13:42:38.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\u003cbr\u003eThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.\u003cbr\u003e"
                }
              ],
              "value": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\nThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:59:34.008Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33613",
        "datePublished": "2026-04-02T08:59:34.008Z",
        "dateReserved": "2026-03-23T13:15:49.381Z",
        "dateUpdated": "2026-04-02T13:42:38.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45273 (GCVE-0-2024-45273)

    Vulnerability from nvd – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:47
    VLAI
    Title
    MB connect line/Helmholz: Weak encryption of configuration file
    Summary
    An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-261 - Weak Encoding for Password
    Assigner
    Impacted products
    Vendor Product Version
    MB connect line mbNET.mini Affected: 0.0.0 , ≤ 2.2.13 (semver)
    Create a notification for this product.
    MB connect line mbNET/mbNET.rokey Affected: 0.0.0 , ≤ 8.2.0 (semver)
    Create a notification for this product.
    MB connect line mbNET HW1 Affected: 0.0.0 , ≤ 5.1.11 (semver)
    Create a notification for this product.
    MB connect line mbSPIDER Affected: 0.0.0 , ≤ 2.6.5 (semver)
    Create a notification for this product.
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    Helmholz REX100 Affected: 0.0.0 , ≤ <= 2.2.13 (semver)
    Create a notification for this product.
    Helmholz REX200/250 Affected: 0.0.0 , ≤ <= 8.2.0 (semver)
    Create a notification for this product.
    Helmholz myREX24 V2 Affected: 0.0.0 , ≤ <= 2.16.2 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0.0.0 , ≤ <= 2.16.2 (semver)
    Create a notification for this product.
    Helmholz REX300 Affected: 0.0.0 , ≤ <= 5.1.11 (semver)
    Create a notification for this product.
    mb_connect_line mbnet.mini Affected: 0 , ≤ 2.2.13 (semver)
        cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mbnet_mbnet.rokey Affected: 0 , ≤ 8.2.0 (semver)
        cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mbnet_hw1 Affected: 0 , ≤ 5.1.11 (semver)
        cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mbspider Affected: 0 , ≤ 2.6.5 (semver)
        cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mbconnect24 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mymbconnect24 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz rex100 Affected: 0 , ≤ 2.2.13 (semver)
        cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz rex_200 Affected: 0 , ≤ 8.2.0 (semver)
        cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz rex250 Affected: 0 , ≤ 8.2.0 (semver)
        cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz myrex24_v2 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz myrex24.virtual Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz rex300 Affected: 0 , ≤ 5.1.11 (semver)
        cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-15 08:00
    Credits
    Moritz Abrell SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbnet.mini",
                "vendor": "mb_connect_line",
                "versions": [
                  {
                    "lessThanOrEqual": "2.2.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbnet_mbnet.rokey",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbnet_hw1",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "5.1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbspider",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.6.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbconnect24",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mymbconnect24",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rex100",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.2.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rex_200",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rex250",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "myrex24_v2",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "myrex24.virtual",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rex300",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "5.1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T18:22:26.955543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T18:31:20.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-16T17:47:04.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbNET.mini",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.13",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbNET/mbNET.rokey",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbNET HW1",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbSPIDER",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "REX100",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 2.2.13",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "REX200/250",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 8.2.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24 V2",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "REX300",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 5.1.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "SySS GmbH"
            }
          ],
          "datePublic": "2024-10-15T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-261",
                  "description": "CWE-261: Weak Encoding for Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-15T10:27:52.208Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-056"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-066"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
            }
          ],
          "source": {
            "advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
            "defect": [
              "CERT@VDE#641679",
              "CERT@VDE#641695",
              "CERT@VDE#641692",
              "CERT@VDE#641696"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line/Helmholz: Weak encryption of configuration file",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-45273",
        "datePublished": "2024-10-15T10:27:52.208Z",
        "dateReserved": "2024-08-26T09:19:01.266Z",
        "dateUpdated": "2024-10-16T17:47:04.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45272 (GCVE-0-2024-45272)

    Vulnerability from nvd – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:36
    VLAI
    Title
    MB connect line/Helmholz: Generation of weak passwords vulnerability
    Summary
    An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    Helmholz myREX24 V2 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    mbconnectline mbconnect24 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mymbconnect24 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz myrex24_v2 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz myrex24.virtual Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-15 08:00
    Credits
    Moritz Abrell SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbconnect24",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mymbconnect24",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "myrex24_v2",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "myrex24.virtual",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T13:40:14.338031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T13:43:55.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-16T17:36:22.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24 V2",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "SySS GmbH"
            }
          ],
          "datePublic": "2024-10-15T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1391",
                  "description": "CWE-1391: Use of Weak Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-15T10:27:32.688Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
            }
          ],
          "source": {
            "advisory": "VDE-2024-068, VDE-2024-069",
            "defect": [
              "CERT@VDE#641695",
              "CERT@VDE#641696"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line/Helmholz: Generation of weak passwords vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-45272",
        "datePublished": "2024-10-15T10:27:32.688Z",
        "dateReserved": "2024-08-26T09:19:01.266Z",
        "dateUpdated": "2024-10-16T17:36:22.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4834 (GCVE-0-2023-4834)

    Vulnerability from nvd – Published: 2023-10-16 08:40 – Updated: 2024-09-16 18:17
    VLAI
    Summary
    In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Date Public
    2023-10-16 08:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-041"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-043"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4834",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T18:16:53.810599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T18:17:07.881Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "Red Lion Europe",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "Red Lion Europe",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-10-16T08:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIn \u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003eRed Lion Europe\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003embCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u0026nbsp;\u003c/span\u003eimproperly implemented access validation \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows an authenticated, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elow privileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;attacker to gain read access to limited, non-critical device information in his account he should not have access to.\u003c/span\u003e\n\u003c/p\u003e\n\t\t\t\t\t\u003c/div\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
                }
              ],
              "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-16T08:59:23.795Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-041"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-043"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64587"
            ],
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-4834",
        "datePublished": "2023-10-16T08:40:13.064Z",
        "dateReserved": "2023-09-08T07:54:38.764Z",
        "dateUpdated": "2024-09-16T18:17:07.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1779 (GCVE-0-2023-1779)

    Vulnerability from nvd – Published: 2023-06-06 10:07 – Updated: 2025-01-07 19:19
    VLAI
    Title
    Helmholz and MB Connect Line: Account takeover via password reset in multiple products
    Summary
    Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB Connect Line mbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    MB Connect Line mymbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24 Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Credits
    Helmholz GmbH & Co. KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:25.020Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T19:17:38.403913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T19:19:11.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Helmholz GmbH \u0026 Co. KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u0026nbsp;in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u0026lt;=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
                }
              ],
              "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u00a0in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u003c=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T05:30:25.424Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-002",
            "defect": [
              "CERT@VDE#64404"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-1779",
        "datePublished": "2023-06-06T10:07:35.354Z",
        "dateReserved": "2023-03-31T13:00:50.757Z",
        "dateUpdated": "2025-01-07T19:19:11.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0985 (GCVE-0-2023-0985)

    Vulnerability from nvd – Published: 2023-06-06 10:06 – Updated: 2025-01-07 19:20
    VLAI
    Title
    Helmholz and MB Connect Line: Account takeover via password reset in multiple products
    Summary
    An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB Connect Line mbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    MB Connect Line mymbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24 Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Date Public
    2023-05-15 10:00
    Credits
    Hussein Alsharafi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:45.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T19:19:39.189272Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T19:20:21.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hussein Alsharafi"
            }
          ],
          "datePublic": "2023-05-15T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u0026nbsp;mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u0026lt;= 2.13.3.\u0026nbsp;An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
                }
              ],
              "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u003c= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-06T10:06:48.102Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-002",
            "defect": [
              "CERT@VDE#64404"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-0985",
        "datePublished": "2023-06-06T10:06:48.102Z",
        "dateReserved": "2023-02-23T14:11:49.473Z",
        "dateUpdated": "2025-01-07T19:20:21.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22520 (GCVE-0-2022-22520)

    Vulnerability from nvd – Published: 2022-09-14 14:05 – Updated: 2024-09-17 04:14
    VLAI
    Title
    User enumeration vulnerability in MB connect line and Helmholz products
    Summary
    A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
    CWE
    • CWE-204 - Response Discrepancy Information Exposure
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz & MB connect line.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SySS GmbH reported this vulnerability to Helmholz.  Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Response Discrepancy Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to Version 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2022-011",
            "discovery": "EXTERNAL"
          },
          "title": "User enumeration vulnerability in MB connect line and Helmholz products",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2022-22520",
              "STATE": "PUBLIC",
              "TITLE": "User enumeration vulnerability in MB connect line and Helmholz products"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SySS GmbH reported this vulnerability to Helmholz.  Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-204 Response Discrepancy Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-011",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to Version 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2022-011",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22520",
        "datePublished": "2022-09-14T14:05:30.024Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:21.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34580 (GCVE-0-2021-34580)

    Vulnerability from nvd – Published: 2021-10-27 10:25 – Updated: 2024-09-17 01:41
    VLAI
    Title
    Remote user enumeration in mymbCONNECT24, mbCONNECT24 <= 2.9.0
    Summary
    In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
    CWE
    • CWE-204 - Response Discrepancy Information Exposure
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mymbCONNECT24 Affected: 2.9.0 , ≤ 2.9.0 (custom)
    Create a notification for this product.
    MB connect line mbCONNECT24 Affected: 2.9.0 , ≤ 2.9.0 (custom)
    Create a notification for this product.
    Date Public
    2021-10-27 00:00
    Credits
    LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:46.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.0",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.0",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2021-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Response Discrepancy Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-27T10:25:09.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.10.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030",
            "discovery": "EXTERNAL"
          },
          "title": "Remote user enumeration in mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-10-27T10:00:00.000Z",
              "ID": "CVE-2021-34580",
              "STATE": "PUBLIC",
              "TITLE": "Remote user enumeration in mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.9.0",
                                "version_value": "2.9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.9.0",
                                "version_value": "2.9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-204 Response Discrepancy Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-037/",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.10.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-34580",
        "datePublished": "2021-10-27T10:25:09.307Z",
        "dateReserved": "2021-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:41:24.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34575 (GCVE-0-2021-34575)

    Vulnerability from nvd – Published: 2021-08-02 10:24 – Updated: 2024-09-16 22:46
    VLAI
    Title
    Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0
    Summary
    In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
    CWE
    • CWE-203 - Information Exposure Through Discrepancy
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mymbCONNECT24 Affected: 2.8.0 , ≤ 2.8.0 (custom)
    Create a notification for this product.
    MB connect line mbCONNECT24 Affected: 2.8.0 , ≤ 2.8.0 (custom)
    Create a notification for this product.
    Date Public
    2021-07-23 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:46.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.0",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.0",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2021-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203 Information Exposure Through Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-02T10:24:32.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.9.0"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030",
            "discovery": "EXTERNAL"
          },
          "title": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
              "ID": "CVE-2021-34575",
              "STATE": "PUBLIC",
              "TITLE": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.8.0",
                                "version_value": "2.8.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.8.0",
                                "version_value": "2.8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-203 Information Exposure Through Discrepancy"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/de-de/advisories/vde-2021-030",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.9.0"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-34575",
        "datePublished": "2021-08-02T10:24:32.820Z",
        "dateReserved": "2021-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:46:43.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34574 (GCVE-0-2021-34574)

    Vulnerability from nvd – Published: 2021-08-02 10:24 – Updated: 2024-09-16 18:14
    VLAI
    Title
    Password policy evasion in products of MB connect line and Helmholz
    Summary
    In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:46.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030, VDE-2022-039",
            "discovery": "EXTERNAL"
          },
          "title": "Password policy evasion in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2021-34574",
              "STATE": "PUBLIC",
              "TITLE": "Password policy evasion in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-669 Incorrect Resource Transfer Between Spheres"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-030",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030, VDE-2022-039",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-34574",
        "datePublished": "2021-08-02T10:24:31.932Z",
        "dateReserved": "2021-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:14:15.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-33617 (GCVE-0-2026-33617)

    Vulnerability from cvelistv5 – Published: 2026-04-02 09:00 – Updated: 2026-04-03 17:21
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint
    Summary
    An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33617",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-03T17:21:45.412589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-03T17:21:51.783Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-497",
                  "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T09:00:17.434Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated information disclosure in the data24 Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33617",
        "datePublished": "2026-04-02T09:00:10.713Z",
        "dateReserved": "2026-03-23T13:15:49.382Z",
        "dateUpdated": "2026-04-03T17:21:51.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33616 (GCVE-0-2026-33616)

    Vulnerability from cvelistv5 – Published: 2026-04-02 08:59 – Updated: 2026-04-02 13:08
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint
    Summary
    An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33616",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T13:08:03.527993Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T13:08:18.951Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:59:55.743Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33616",
        "datePublished": "2026-04-02T08:59:55.743Z",
        "dateReserved": "2026-03-23T13:15:49.382Z",
        "dateUpdated": "2026-04-02T13:08:18.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33615 (GCVE-0-2026-33615)

    Vulnerability from cvelistv5 – Published: 2026-04-02 08:59 – Updated: 2026-04-02 14:29
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint
    Summary
    An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33615",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T14:29:33.756162Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T14:29:46.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:59:48.843Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the setinfo Endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33615",
        "datePublished": "2026-04-02T08:59:48.843Z",
        "dateReserved": "2026-03-23T13:15:49.382Z",
        "dateUpdated": "2026-04-02T14:29:46.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33614 (GCVE-0-2026-33614)

    Vulnerability from cvelistv5 – Published: 2026-04-02 08:59 – Updated: 2026-04-02 13:30
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint
    Summary
    An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T13:29:54.050449Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T13:30:10.029Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:59:40.736Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the getinfo endpoint",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33614",
        "datePublished": "2026-04-02T08:59:40.736Z",
        "dateReserved": "2026-03-23T13:15:49.381Z",
        "dateUpdated": "2026-04-02T13:30:10.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33613 (GCVE-0-2026-33613)

    Vulnerability from cvelistv5 – Published: 2026-04-02 08:59 – Updated: 2026-04-02 13:42
    VLAI
    Title
    MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray
    Summary
    Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.19.4 (semver)
    Create a notification for this product.
    Date Public
    2026-04-02 09:00
    Credits
    Moritz Abrell, Christian Zäske from SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33613",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-02T13:41:33.794559Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-02T13:42:38.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.19.4",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
            }
          ],
          "datePublic": "2026-04-02T09:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\u003cbr\u003eThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.\u003cbr\u003e"
                }
              ],
              "value": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\nThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-02T08:59:34.008Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://certvde.com/de/advisories/VDE-2026-030"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
            }
          ],
          "source": {
            "advisory": "VDE-2026-030",
            "defect": [
              "CERT@VDE#641994"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "MB connect line mbCONNECT24 vulnerable to RCE in generateSrpArray",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2026-33613",
        "datePublished": "2026-04-02T08:59:34.008Z",
        "dateReserved": "2026-03-23T13:15:49.381Z",
        "dateUpdated": "2026-04-02T13:42:38.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-45273 (GCVE-0-2024-45273)

    Vulnerability from cvelistv5 – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:47
    VLAI
    Title
    MB connect line/Helmholz: Weak encryption of configuration file
    Summary
    An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-261 - Weak Encoding for Password
    Assigner
    Impacted products
    Vendor Product Version
    MB connect line mbNET.mini Affected: 0.0.0 , ≤ 2.2.13 (semver)
    Create a notification for this product.
    MB connect line mbNET/mbNET.rokey Affected: 0.0.0 , ≤ 8.2.0 (semver)
    Create a notification for this product.
    MB connect line mbNET HW1 Affected: 0.0.0 , ≤ 5.1.11 (semver)
    Create a notification for this product.
    MB connect line mbSPIDER Affected: 0.0.0 , ≤ 2.6.5 (semver)
    Create a notification for this product.
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    Helmholz REX100 Affected: 0.0.0 , ≤ <= 2.2.13 (semver)
    Create a notification for this product.
    Helmholz REX200/250 Affected: 0.0.0 , ≤ <= 8.2.0 (semver)
    Create a notification for this product.
    Helmholz myREX24 V2 Affected: 0.0.0 , ≤ <= 2.16.2 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0.0.0 , ≤ <= 2.16.2 (semver)
    Create a notification for this product.
    Helmholz REX300 Affected: 0.0.0 , ≤ <= 5.1.11 (semver)
    Create a notification for this product.
    mb_connect_line mbnet.mini Affected: 0 , ≤ 2.2.13 (semver)
        cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mbnet_mbnet.rokey Affected: 0 , ≤ 8.2.0 (semver)
        cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mbnet_hw1 Affected: 0 , ≤ 5.1.11 (semver)
        cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mbspider Affected: 0 , ≤ 2.6.5 (semver)
        cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mbconnect24 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mymbconnect24 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz rex100 Affected: 0 , ≤ 2.2.13 (semver)
        cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz rex_200 Affected: 0 , ≤ 8.2.0 (semver)
        cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz rex250 Affected: 0 , ≤ 8.2.0 (semver)
        cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz myrex24_v2 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz myrex24.virtual Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz rex300 Affected: 0 , ≤ 5.1.11 (semver)
        cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-15 08:00
    Credits
    Moritz Abrell SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mb_connect_line:mbnet.mini:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbnet.mini",
                "vendor": "mb_connect_line",
                "versions": [
                  {
                    "lessThanOrEqual": "2.2.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbnet_mbnet.rokey:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbnet_mbnet.rokey",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbnet_hw1:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbnet_hw1",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "5.1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbspider:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbspider",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.6.5",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbconnect24",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mymbconnect24",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:rex100:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rex100",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.2.13",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rex_200",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:rex250:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rex250",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "8.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "myrex24_v2",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "myrex24.virtual",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:rex300:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "rex300",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "5.1.11",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T18:22:26.955543Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T18:31:20.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-16T17:47:04.737Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-062.txt"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbNET.mini",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.13",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbNET/mbNET.rokey",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "8.2.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbNET HW1",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "5.1.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbSPIDER",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.5",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "REX100",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 2.2.13",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "REX200/250",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 8.2.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24 V2",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "REX300",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "\u003c= 5.1.11",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "SySS GmbH"
            }
          ],
          "datePublic": "2024-10-15T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-261",
                  "description": "CWE-261: Weak Encoding for Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-15T10:27:52.208Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-056"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-066"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
            }
          ],
          "source": {
            "advisory": "VDE-2024-056, VDE-2024-066, VDE-2024-068, VDE-2024-069",
            "defect": [
              "CERT@VDE#641679",
              "CERT@VDE#641695",
              "CERT@VDE#641692",
              "CERT@VDE#641696"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line/Helmholz: Weak encryption of configuration file",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-45273",
        "datePublished": "2024-10-15T10:27:52.208Z",
        "dateReserved": "2024-08-26T09:19:01.266Z",
        "dateUpdated": "2024-10-16T17:47:04.737Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45272 (GCVE-0-2024-45272)

    Vulnerability from cvelistv5 – Published: 2024-10-15 10:27 – Updated: 2024-10-16 17:36
    VLAI
    Title
    MB connect line/Helmholz: Generation of weak passwords vulnerability
    Summary
    An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    MB connect line mbCONNECT24 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    MB connect line mymbCONNECT24 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    Helmholz myREX24 V2 Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0.0.0 , ≤ 2.16.2 (semver)
    Create a notification for this product.
    mbconnectline mbconnect24 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*
    Create a notification for this product.
    mbconnectline mymbconnect24 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz myrex24_v2 Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    helmholz myrex24.virtual Affected: 0 , ≤ 2.16.2 (semver)
        cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-15 08:00
    Credits
    Moritz Abrell SySS GmbH
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mbconnect24:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mbconnect24",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:mbconnectline:mymbconnect24:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "mymbconnect24",
                "vendor": "mbconnectline",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:myrex24_v2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "myrex24_v2",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "myrex24.virtual",
                "vendor": "helmholz",
                "versions": [
                  {
                    "lessThanOrEqual": "2.16.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T13:40:14.338031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T13:43:55.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-10-16T17:36:22.123Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-061.txt"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24 V2",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.2",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Moritz Abrell"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "SySS GmbH"
            }
          ],
          "datePublic": "2024-10-15T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.\u003cbr\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1391",
                  "description": "CWE-1391: Use of Weak Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-15T10:27:32.688Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-068"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2024-069"
            }
          ],
          "source": {
            "advisory": "VDE-2024-068, VDE-2024-069",
            "defect": [
              "CERT@VDE#641695",
              "CERT@VDE#641696"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line/Helmholz: Generation of weak passwords vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2024-45272",
        "datePublished": "2024-10-15T10:27:32.688Z",
        "dateReserved": "2024-08-26T09:19:01.266Z",
        "dateUpdated": "2024-10-16T17:36:22.123Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4834 (GCVE-0-2023-4834)

    Vulnerability from cvelistv5 – Published: 2023-10-16 08:40 – Updated: 2024-09-16 18:17
    VLAI
    Summary
    In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Date Public
    2023-10-16 08:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-041"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-043"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4834",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T18:16:53.810599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T18:17:07.881Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "Red Lion Europe",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "Red Lion Europe",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-10-16T08:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIn \u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003eRed Lion Europe\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003embCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u0026nbsp;\u003c/span\u003eimproperly implemented access validation \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows an authenticated, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elow privileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;attacker to gain read access to limited, non-critical device information in his account he should not have access to.\u003c/span\u003e\n\u003c/p\u003e\n\t\t\t\t\t\u003c/div\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
                }
              ],
              "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-16T08:59:23.795Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-041"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-043"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64587"
            ],
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-4834",
        "datePublished": "2023-10-16T08:40:13.064Z",
        "dateReserved": "2023-09-08T07:54:38.764Z",
        "dateUpdated": "2024-09-16T18:17:07.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1779 (GCVE-0-2023-1779)

    Vulnerability from cvelistv5 – Published: 2023-06-06 10:07 – Updated: 2025-01-07 19:19
    VLAI
    Title
    Helmholz and MB Connect Line: Account takeover via password reset in multiple products
    Summary
    Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB Connect Line mbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    MB Connect Line mymbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24 Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Credits
    Helmholz GmbH & Co. KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:25.020Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T19:17:38.403913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T19:19:11.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Helmholz GmbH \u0026 Co. KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u0026nbsp;in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u0026lt;=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
                }
              ],
              "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u00a0in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u003c=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T05:30:25.424Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-002",
            "defect": [
              "CERT@VDE#64404"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-1779",
        "datePublished": "2023-06-06T10:07:35.354Z",
        "dateReserved": "2023-03-31T13:00:50.757Z",
        "dateUpdated": "2025-01-07T19:19:11.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0985 (GCVE-0-2023-0985)

    Vulnerability from cvelistv5 – Published: 2023-06-06 10:06 – Updated: 2025-01-07 19:20
    VLAI
    Title
    Helmholz and MB Connect Line: Account takeover via password reset in multiple products
    Summary
    An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB Connect Line mbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    MB Connect Line mymbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24 Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Date Public
    2023-05-15 10:00
    Credits
    Hussein Alsharafi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:45.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T19:19:39.189272Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T19:20:21.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hussein Alsharafi"
            }
          ],
          "datePublic": "2023-05-15T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u0026nbsp;mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u0026lt;= 2.13.3.\u0026nbsp;An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
                }
              ],
              "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u003c= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-06T10:06:48.102Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-002",
            "defect": [
              "CERT@VDE#64404"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-0985",
        "datePublished": "2023-06-06T10:06:48.102Z",
        "dateReserved": "2023-02-23T14:11:49.473Z",
        "dateUpdated": "2025-01-07T19:20:21.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22520 (GCVE-0-2022-22520)

    Vulnerability from cvelistv5 – Published: 2022-09-14 14:05 – Updated: 2024-09-17 04:14
    VLAI
    Title
    User enumeration vulnerability in MB connect line and Helmholz products
    Summary
    A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
    CWE
    • CWE-204 - Response Discrepancy Information Exposure
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz & MB connect line.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SySS GmbH reported this vulnerability to Helmholz.  Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Response Discrepancy Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to Version 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2022-011",
            "discovery": "EXTERNAL"
          },
          "title": "User enumeration vulnerability in MB connect line and Helmholz products",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2022-22520",
              "STATE": "PUBLIC",
              "TITLE": "User enumeration vulnerability in MB connect line and Helmholz products"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SySS GmbH reported this vulnerability to Helmholz.  Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-204 Response Discrepancy Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-011",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to Version 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2022-011",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22520",
        "datePublished": "2022-09-14T14:05:30.024Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:21.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34580 (GCVE-0-2021-34580)

    Vulnerability from cvelistv5 – Published: 2021-10-27 10:25 – Updated: 2024-09-17 01:41
    VLAI
    Title
    Remote user enumeration in mymbCONNECT24, mbCONNECT24 <= 2.9.0
    Summary
    In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
    CWE
    • CWE-204 - Response Discrepancy Information Exposure
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mymbCONNECT24 Affected: 2.9.0 , ≤ 2.9.0 (custom)
    Create a notification for this product.
    MB connect line mbCONNECT24 Affected: 2.9.0 , ≤ 2.9.0 (custom)
    Create a notification for this product.
    Date Public
    2021-10-27 00:00
    Credits
    LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:46.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.0",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.0",
                  "status": "affected",
                  "version": "2.9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2021-10-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Response Discrepancy Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-27T10:25:09.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.10.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030",
            "discovery": "EXTERNAL"
          },
          "title": "Remote user enumeration in mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-10-27T10:00:00.000Z",
              "ID": "CVE-2021-34580",
              "STATE": "PUBLIC",
              "TITLE": "Remote user enumeration in mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.9.0",
                                "version_value": "2.9.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.9.0",
                                "version_value": "2.9.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "LEWA Attendorn GmbH reported the vulnerability to MB connect line. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In mymbCONNECT24, mbCONNECT24 \u003c= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-204 Response Discrepancy Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-037/",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-037/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.10.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-34580",
        "datePublished": "2021-10-27T10:25:09.307Z",
        "dateReserved": "2021-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:41:24.149Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34575 (GCVE-0-2021-34575)

    Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 22:46
    VLAI
    Title
    Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0
    Summary
    In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
    CWE
    • CWE-203 - Information Exposure Through Discrepancy
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB connect line mymbCONNECT24 Affected: 2.8.0 , ≤ 2.8.0 (custom)
    Create a notification for this product.
    MB connect line mbCONNECT24 Affected: 2.8.0 , ≤ 2.8.0 (custom)
    Create a notification for this product.
    Date Public
    2021-07-23 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:46.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.0",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.0",
                  "status": "affected",
                  "version": "2.8.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2021-07-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-203",
                  "description": "CWE-203 Information Exposure Through Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-02T10:24:32.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.9.0"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030",
            "discovery": "EXTERNAL"
          },
          "title": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2021-07-23T12:50:00.000Z",
              "ID": "CVE-2021-34575",
              "STATE": "PUBLIC",
              "TITLE": "Information Exposure in mymbCONNECT24, mbCONNECT24 \u003c= 2.8.0"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.8.0",
                                "version_value": "2.8.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.8.0",
                                "version_value": "2.8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mymbCONNECT24, mbCONNECT24 in versions \u003c= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-203 Information Exposure Through Discrepancy"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/de-de/advisories/vde-2021-030",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/de-de/advisories/vde-2021-030"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.9.0"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-34575",
        "datePublished": "2021-08-02T10:24:32.820Z",
        "dateReserved": "2021-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:46:43.672Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34574 (GCVE-0-2021-34574)

    Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 18:14
    VLAI
    Title
    Password policy evasion in products of MB connect line and Helmholz
    Summary
    In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:46.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030, VDE-2022-039",
            "discovery": "EXTERNAL"
          },
          "title": "Password policy evasion in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2021-34574",
              "STATE": "PUBLIC",
              "TITLE": "Password policy evasion in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-669 Incorrect Resource Transfer Between Spheres"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-030",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030, VDE-2022-039",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-34574",
        "datePublished": "2021-08-02T10:24:31.932Z",
        "dateReserved": "2021-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:14:15.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202410-0404

    Vulnerability from variot - Updated: 2024-10-23 22:43

    An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202410-0404",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rex 300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "5.1.11"
          },
          {
            "model": "mbnet",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "8.2.1"
          },
          {
            "model": "mymbconnect24",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.16.3"
          },
          {
            "model": "rex 250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "8.2.1"
          },
          {
            "model": "mbspider mdh 916",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.6.5"
          },
          {
            "model": "mbspider mdh 915",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.6.5"
          },
          {
            "model": "rex 200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "8.2.1"
          },
          {
            "model": "mbspider mdh 905",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.6.5"
          },
          {
            "model": "mbspider mdh 906",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.6.5"
          },
          {
            "model": "mbnet hw1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "5.1.11"
          },
          {
            "model": "mbnet.rokey",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "8.2.1"
          },
          {
            "model": "myrex24 v2 virtual server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "2.16.3"
          },
          {
            "model": "mbconnect24",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.16.3"
          },
          {
            "model": "mbnet",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbconnect24",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mymbconnect24",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "rex 300",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "myrex24 v2 virtual server",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "rex 200",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "mbspider mdh 915",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbspider mdh 905",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbnet hw1",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbspider mdh 906",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbspider mdh 916",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "rex 250",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "mbnet.rokey",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45272"
          }
        ]
      },
      "cve": "CVE-2024-45272",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "info@cert.vde.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2024-45272",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-010528",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2024-45272",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-010528",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45272"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. helmholz of myrex24 v2 virtual server Unspecified vulnerabilities exist in products from multiple vendors.Service operation interruption (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-45272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-45272",
            "trust": 2.6
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2024-068",
            "trust": 1.8
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2024-069",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45272"
          }
        ]
      },
      "id": "VAR-202410-0404",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5
      },
      "last_update_date": "2024-10-23T22:43:38.088000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-1391",
            "trust": 1.0
          },
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "Using weak credentials (CWE-1391) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " others (CWE-Other) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45272"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://cert.vde.com/en/advisories/vde-2024-068"
          },
          {
            "trust": 1.8,
            "url": "https://cert.vde.com/en/advisories/vde-2024-069"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-45272"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45272"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45272"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-10-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          },
          {
            "date": "2024-10-15T11:15:11.673000",
            "db": "NVD",
            "id": "CVE-2024-45272"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-10-18T01:37:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          },
          {
            "date": "2024-10-17T17:42:42.197000",
            "db": "NVD",
            "id": "CVE-2024-45272"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "helmholz\u00a0 of \u00a0myrex24\u00a0v2\u00a0virtual\u00a0server\u00a0 Vulnerabilities in products from multiple vendors such as",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010528"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202410-0405

    Vulnerability from variot - Updated: 2024-10-23 22:43

    An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202410-0405",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rex 300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "5.1.11"
          },
          {
            "model": "mbnet.mini",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.3.1"
          },
          {
            "model": "mbnet",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "8.2.1"
          },
          {
            "model": "rex 100",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "2.3.1"
          },
          {
            "model": "mymbconnect24",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.16.3"
          },
          {
            "model": "rex 250",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "8.2.1"
          },
          {
            "model": "mbspider mdh 916",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.6.5"
          },
          {
            "model": "rex 200",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "8.2.1"
          },
          {
            "model": "mbspider mdh 915",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.6.5"
          },
          {
            "model": "mbspider mdh 905",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.6.5"
          },
          {
            "model": "mbspider mdh 906",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.6.5"
          },
          {
            "model": "mbnet hw1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "5.1.11"
          },
          {
            "model": "mbnet.rokey",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "8.2.1"
          },
          {
            "model": "myrex24 v2 virtual server",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "helmholz",
            "version": "2.16.3"
          },
          {
            "model": "mbconnect24",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "mbconnectline",
            "version": "2.16.3"
          },
          {
            "model": "mbnet",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbnet.mini",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbconnect24",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mymbconnect24",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "rex 300",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "myrex24 v2 virtual server",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "rex 100",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "rex 200",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "mbspider mdh 915",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbspider mdh 905",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbnet hw1",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbspider mdh 906",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "mbspider mdh 916",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          },
          {
            "model": "rex 250",
            "scope": null,
            "trust": 0.8,
            "vendor": "helmholz",
            "version": null
          },
          {
            "model": "mbnet.rokey",
            "scope": null,
            "trust": 0.8,
            "vendor": "mb connect line",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45273"
          }
        ]
      },
      "cve": "CVE-2024-45273",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2024-45273",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "info@cert.vde.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.5,
                "id": "CVE-2024-45273",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Local",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2024-45273",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-45273",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "info@cert.vde.com",
                "id": "CVE-2024-45273",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2024-45273",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45273"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45273"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. MB CONNECT LINE of mbnet.mini Products from multiple vendors, such as firmware, have vulnerabilities related to encryption strength.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-45273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-45273",
            "trust": 2.6
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2024-056",
            "trust": 1.8
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2024-068",
            "trust": 1.8
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2024-069",
            "trust": 1.8
          },
          {
            "db": "CERT@VDE",
            "id": "VDE-2024-066",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45273"
          }
        ]
      },
      "id": "VAR-202410-0405",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5
      },
      "last_update_date": "2024-10-23T22:43:38.071000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-326",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-261",
            "trust": 1.0
          },
          {
            "problemtype": "Use Weak Ciphers for Passwords (CWE-261) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45273"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://cert.vde.com/en/advisories/vde-2024-056"
          },
          {
            "trust": 1.8,
            "url": "https://cert.vde.com/en/advisories/vde-2024-066"
          },
          {
            "trust": 1.8,
            "url": "https://cert.vde.com/en/advisories/vde-2024-068"
          },
          {
            "trust": 1.8,
            "url": "https://cert.vde.com/en/advisories/vde-2024-069"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-45273"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45273"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-45273"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-10-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          },
          {
            "date": "2024-10-15T11:15:11.940000",
            "db": "NVD",
            "id": "CVE-2024-45273"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-10-18T03:31:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          },
          {
            "date": "2024-10-17T17:41:43.017000",
            "db": "NVD",
            "id": "CVE-2024-45273"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "MB\u00a0CONNECT\u00a0LINE\u00a0 of \u00a0mbnet.mini\u00a0 Vulnerabilities related to cryptographic strength in products from multiple vendors such as firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-010550"
          }
        ],
        "trust": 0.8
      }
    }