Search

Find a vulnerability

Search criteria

    30 vulnerabilities found for myrex24 by helmholz

    CVE-2025-3092 (GCVE-0-2025-3092)

    Vulnerability from nvd – Published: 2025-06-24 08:14 – Updated: 2025-06-24 13:55
    VLAI
    Title
    MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24
    Summary
    An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Credits
    Peter Husted Simonsen Irwin Przeperski Eviden
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3092",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-24T13:55:22.243364Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-24T13:55:34.477Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Peter Husted Simonsen"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Irwin Przeperski"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Eviden"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204:Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-24T08:14:31.864Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-035"
            },
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-038"
            }
          ],
          "source": {
            "advisory": "VDE-2025-035",
            "defect": [
              "CERT@VDE#641772"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3092",
        "datePublished": "2025-06-24T08:14:31.864Z",
        "dateReserved": "2025-04-01T13:41:23.509Z",
        "dateUpdated": "2025-06-24T13:55:34.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3091 (GCVE-0-2025-3091)

    Vulnerability from nvd – Published: 2025-06-24 08:10 – Updated: 2025-06-24 13:56
    VLAI
    Title
    MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24
    Summary
    An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Credits
    Peter Husted Simonsen Irwin Przeperski Eviden
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3091",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-24T13:55:50.726894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-24T13:56:13.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Peter Husted Simonsen"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Irwin Przeperski"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Eviden"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password."
                }
              ],
              "value": "An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-24T08:10:29.717Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-035"
            },
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-038"
            }
          ],
          "source": {
            "advisory": "VDE-2025-035",
            "defect": [
              "CERT@VDE#641772"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3091",
        "datePublished": "2025-06-24T08:10:29.717Z",
        "dateReserved": "2025-04-01T13:41:22.429Z",
        "dateUpdated": "2025-06-24T13:56:13.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3090 (GCVE-0-2025-3090)

    Vulnerability from nvd – Published: 2025-06-24 08:05 – Updated: 2025-06-24 14:18
    VLAI
    Title
    MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24
    Summary
    An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-24T14:17:56.862943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-24T14:18:57.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function."
                }
              ],
              "value": "An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-24T08:05:15.547Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-034"
            },
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-037"
            }
          ],
          "source": {
            "advisory": "VDE-2025-034",
            "defect": [
              "CERT@VDE#641771"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3090",
        "datePublished": "2025-06-24T08:05:15.547Z",
        "dateReserved": "2025-04-01T13:41:20.503Z",
        "dateUpdated": "2025-06-24T14:18:57.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4834 (GCVE-0-2023-4834)

    Vulnerability from nvd – Published: 2023-10-16 08:40 – Updated: 2024-09-16 18:17
    VLAI
    Summary
    In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Date Public
    2023-10-16 08:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-041"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-043"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4834",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T18:16:53.810599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T18:17:07.881Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "Red Lion Europe",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "Red Lion Europe",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-10-16T08:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIn \u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003eRed Lion Europe\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003embCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u0026nbsp;\u003c/span\u003eimproperly implemented access validation \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows an authenticated, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elow privileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;attacker to gain read access to limited, non-critical device information in his account he should not have access to.\u003c/span\u003e\n\u003c/p\u003e\n\t\t\t\t\t\u003c/div\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
                }
              ],
              "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-16T08:59:23.795Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-041"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-043"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64587"
            ],
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-4834",
        "datePublished": "2023-10-16T08:40:13.064Z",
        "dateReserved": "2023-09-08T07:54:38.764Z",
        "dateUpdated": "2024-09-16T18:17:07.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1779 (GCVE-0-2023-1779)

    Vulnerability from nvd – Published: 2023-06-06 10:07 – Updated: 2025-01-07 19:19
    VLAI
    Title
    Helmholz and MB Connect Line: Account takeover via password reset in multiple products
    Summary
    Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB Connect Line mbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    MB Connect Line mymbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24 Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Credits
    Helmholz GmbH & Co. KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:25.020Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T19:17:38.403913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T19:19:11.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Helmholz GmbH \u0026 Co. KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u0026nbsp;in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u0026lt;=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
                }
              ],
              "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u00a0in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u003c=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T05:30:25.424Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-002",
            "defect": [
              "CERT@VDE#64404"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-1779",
        "datePublished": "2023-06-06T10:07:35.354Z",
        "dateReserved": "2023-03-31T13:00:50.757Z",
        "dateUpdated": "2025-01-07T19:19:11.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0985 (GCVE-0-2023-0985)

    Vulnerability from nvd – Published: 2023-06-06 10:06 – Updated: 2025-01-07 19:20
    VLAI
    Title
    Helmholz and MB Connect Line: Account takeover via password reset in multiple products
    Summary
    An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB Connect Line mbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    MB Connect Line mymbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24 Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Date Public
    2023-05-15 10:00
    Credits
    Hussein Alsharafi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:45.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T19:19:39.189272Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T19:20:21.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hussein Alsharafi"
            }
          ],
          "datePublic": "2023-05-15T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u0026nbsp;mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u0026lt;= 2.13.3.\u0026nbsp;An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
                }
              ],
              "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u003c= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-06T10:06:48.102Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-002",
            "defect": [
              "CERT@VDE#64404"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-0985",
        "datePublished": "2023-06-06T10:06:48.102Z",
        "dateReserved": "2023-02-23T14:11:49.473Z",
        "dateUpdated": "2025-01-07T19:20:21.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22520 (GCVE-0-2022-22520)

    Vulnerability from nvd – Published: 2022-09-14 14:05 – Updated: 2024-09-17 04:14
    VLAI
    Title
    User enumeration vulnerability in MB connect line and Helmholz products
    Summary
    A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
    CWE
    • CWE-204 - Response Discrepancy Information Exposure
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz & MB connect line.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SySS GmbH reported this vulnerability to Helmholz.  Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Response Discrepancy Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to Version 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2022-011",
            "discovery": "EXTERNAL"
          },
          "title": "User enumeration vulnerability in MB connect line and Helmholz products",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2022-22520",
              "STATE": "PUBLIC",
              "TITLE": "User enumeration vulnerability in MB connect line and Helmholz products"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SySS GmbH reported this vulnerability to Helmholz.  Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-204 Response Discrepancy Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-011",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to Version 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2022-011",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22520",
        "datePublished": "2022-09-14T14:05:30.024Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:21.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34574 (GCVE-0-2021-34574)

    Vulnerability from nvd – Published: 2021-08-02 10:24 – Updated: 2024-09-16 18:14
    VLAI
    Title
    Password policy evasion in products of MB connect line and Helmholz
    Summary
    In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:46.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030, VDE-2022-039",
            "discovery": "EXTERNAL"
          },
          "title": "Password policy evasion in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2021-34574",
              "STATE": "PUBLIC",
              "TITLE": "Password policy evasion in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-669 Incorrect Resource Transfer Between Spheres"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-030",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030, VDE-2022-039",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-34574",
        "datePublished": "2021-08-02T10:24:31.932Z",
        "dateReserved": "2021-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:14:15.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12527 (GCVE-0-2020-12527)

    Vulnerability from nvd – Published: 2021-03-02 21:15 – Updated: 2024-09-16 20:43
    VLAI
    Title
    Improper Access Validation in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:56:52.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2.6.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2.6.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.11.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T06:10:07.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-003",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Validation in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T12:50:00.000Z",
              "ID": "CVE-2020-12527",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Validation in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.6.2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.6.2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2020-12527",
        "datePublished": "2021-03-02T21:15:24.885Z",
        "dateReserved": "2020-04-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:43:07.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35570 (GCVE-0-2020-35570)

    Vulnerability from nvd – Published: 2021-02-16 15:23 – Updated: 2024-09-16 19:51
    VLAI
    Title
    Foreced Browsing vulnerability in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foreced Browsing vulnerability in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35570",
              "STATE": "PUBLIC",
              "TITLE": "Foreced Browsing vulnerability in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35570",
        "datePublished": "2021-02-16T15:23:53.959Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:23.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35568 (GCVE-0-2020-35568)

    Vulnerability from nvd – Published: 2021-02-16 15:44 – Updated: 2024-09-17 03:48
    VLAI
    Title
    Sensitive Information Exposure in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.12.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Information Exposure in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35568",
              "STATE": "PUBLIC",
              "TITLE": "Sensitive Information Exposure in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.12.1"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35568",
        "datePublished": "2021-02-16T15:44:10.164Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:48:34.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35566 (GCVE-0-2020-35566)

    Vulnerability from nvd – Published: 2021-02-16 15:40 – Updated: 2024-09-16 22:31
    VLAI
    Title
    Local file inclusion vulnerability in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:26.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Local file inclusion vulnerability in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35566",
              "STATE": "PUBLIC",
              "TITLE": "Local file inclusion vulnerability in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35566",
        "datePublished": "2021-02-16T15:40:07.656Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:31:00.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35561 (GCVE-0-2020-35561)

    Vulnerability from nvd – Published: 2021-02-16 15:49 – Updated: 2024-09-16 18:08
    VLAI
    Title
    SSRF in variuos products of MB connect line and Helmholz
    Summary
    An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030, VDE-2022-039",
            "discovery": "EXTERNAL"
          },
          "title": "SSRF in variuos products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35561",
              "STATE": "PUBLIC",
              "TITLE": "SSRF in variuos products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030, VDE-2022-039",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35561",
        "datePublished": "2021-02-16T15:49:45.850Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:12.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35558 (GCVE-0-2020-35558)

    Vulnerability from nvd – Published: 2021-02-16 15:26 – Updated: 2024-09-16 20:02
    VLAI
    Title
    SSRF in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SSRF in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35558",
              "STATE": "PUBLIC",
              "TITLE": "SSRF in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35558",
        "datePublished": "2021-02-16T15:26:11.394Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:02:23.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35557 (GCVE-0-2020-35557)

    Vulnerability from nvd – Published: 2021-02-16 15:16 – Updated: 2024-09-16 17:42
    VLAI
    Title
    Improper Access Validation in products of MB connect line and Helmholz
    Summary
    An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Validation in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35557",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Validation in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35557",
        "datePublished": "2021-02-16T15:16:06.296Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:40.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3092 (GCVE-0-2025-3092)

    Vulnerability from cvelistv5 – Published: 2025-06-24 08:14 – Updated: 2025-06-24 13:55
    VLAI
    Title
    MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24
    Summary
    An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    Credits
    Peter Husted Simonsen Irwin Przeperski Eviden
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3092",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-24T13:55:22.243364Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-24T13:55:34.477Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Peter Husted Simonsen"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Irwin Przeperski"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Eviden"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204:Observable Response Discrepancy",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-24T08:14:31.864Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-035"
            },
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-038"
            }
          ],
          "source": {
            "advisory": "VDE-2025-035",
            "defect": [
              "CERT@VDE#641772"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line: Observable response discrepancy in mbCONNECT24/mymbCONNECT24",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3092",
        "datePublished": "2025-06-24T08:14:31.864Z",
        "dateReserved": "2025-04-01T13:41:23.509Z",
        "dateUpdated": "2025-06-24T13:55:34.477Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3091 (GCVE-0-2025-3091)

    Vulnerability from cvelistv5 – Published: 2025-06-24 08:10 – Updated: 2025-06-24 13:56
    VLAI
    Title
    MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24
    Summary
    An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Credits
    Peter Husted Simonsen Irwin Przeperski Eviden
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3091",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-24T13:55:50.726894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-24T13:56:13.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.16.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Peter Husted Simonsen"
            },
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Irwin Przeperski"
            },
            {
              "lang": "en",
              "type": "reporter",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Eviden"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password."
                }
              ],
              "value": "An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-24T08:10:29.717Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-035"
            },
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-038"
            }
          ],
          "source": {
            "advisory": "VDE-2025-035",
            "defect": [
              "CERT@VDE#641772"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3091",
        "datePublished": "2025-06-24T08:10:29.717Z",
        "dateReserved": "2025-04-01T13:41:22.429Z",
        "dateUpdated": "2025-06-24T13:56:13.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3090 (GCVE-0-2025-3090)

    Vulnerability from cvelistv5 – Published: 2025-06-24 08:05 – Updated: 2025-06-24 14:18
    VLAI
    Title
    MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24
    Summary
    An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3090",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-24T14:17:56.862943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-24T14:18:57.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThan": "2.18.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function."
                }
              ],
              "value": "An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-24T08:05:15.547Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-034"
            },
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-037"
            }
          ],
          "source": {
            "advisory": "VDE-2025-034",
            "defect": [
              "CERT@VDE#641771"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "MB connect line: Missing Authentication in mbCONNECT24/mymbCONNECT24",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3090",
        "datePublished": "2025-06-24T08:05:15.547Z",
        "dateReserved": "2025-04-01T13:41:20.503Z",
        "dateUpdated": "2025-06-24T14:18:57.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4834 (GCVE-0-2023-4834)

    Vulnerability from cvelistv5 – Published: 2023-10-16 08:40 – Updated: 2024-09-16 18:17
    VLAI
    Summary
    In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    Impacted products
    Date Public
    2023-10-16 08:40
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.778Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-041"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-043"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4834",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-16T18:16:53.810599Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-16T18:17:07.881Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "Red Lion Europe",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "Red Lion Europe",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.14.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2023-10-16T08:40:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eIn \u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003eRed Lion Europe\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(249, 250, 251);\"\u003embCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u0026nbsp;\u003c/span\u003eimproperly implemented access validation \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eallows an authenticated, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003elow privileged\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;attacker to gain read access to limited, non-critical device information in his account he should not have access to.\u003c/span\u003e\n\u003c/p\u003e\n\t\t\t\t\t\u003c/div\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\n\t\n"
                }
              ],
              "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-16T08:59:23.795Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-041"
            },
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-043"
            }
          ],
          "source": {
            "defect": [
              "CERT@VDE#64587"
            ],
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-4834",
        "datePublished": "2023-10-16T08:40:13.064Z",
        "dateReserved": "2023-09-08T07:54:38.764Z",
        "dateUpdated": "2024-09-16T18:17:07.881Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-1779 (GCVE-0-2023-1779)

    Vulnerability from cvelistv5 – Published: 2023-06-06 10:07 – Updated: 2025-01-07 19:19
    VLAI
    Title
    Helmholz and MB Connect Line: Account takeover via password reset in multiple products
    Summary
    Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB Connect Line mbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    MB Connect Line mymbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24 Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Credits
    Helmholz GmbH & Co. KG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:57:25.020Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-1779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T19:17:38.403913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T19:19:11.622Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Helmholz GmbH \u0026 Co. KG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u0026nbsp;in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u0026lt;=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
                }
              ],
              "value": "Exposure of Sensitive Information to an unauthorized actor vulnerability\u00a0in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual in versions \u003c=2.13.3 allow an authorized remote attacker with low privileges to view a limited amount of another accounts contact information."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-02T05:30:25.424Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-008/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-002",
            "defect": [
              "CERT@VDE#64404"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-1779",
        "datePublished": "2023-06-06T10:07:35.354Z",
        "dateReserved": "2023-03-31T13:00:50.757Z",
        "dateUpdated": "2025-01-07T19:19:11.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0985 (GCVE-0-2023-0985)

    Vulnerability from cvelistv5 – Published: 2023-06-06 10:06 – Updated: 2025-01-07 19:20
    VLAI
    Title
    Helmholz and MB Connect Line: Account takeover via password reset in multiple products
    Summary
    An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    References
    Impacted products
    Vendor Product Version
    MB Connect Line mbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    MB Connect Line mymbCONNECT24 Affected: 1.0.0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24 Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Helmholz myREX24.virtual Affected: 0 , ≤ 2.13.3 (semver)
    Create a notification for this product.
    Date Public
    2023-05-15 10:00
    Credits
    Hussein Alsharafi
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T05:32:45.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-07T19:19:39.189272Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-07T19:20:21.167Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "mbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "mymbCONNECT24",
              "vendor": "MB Connect Line",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.13.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Hussein Alsharafi"
            }
          ],
          "datePublic": "2023-05-15T10:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u0026nbsp;mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u0026lt;= 2.13.3.\u0026nbsp;An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
                }
              ],
              "value": "An Authorization Bypass vulnerability was found in MB Connect Lines\u00a0mbCONNECT24, mymbCONNECT24 and Helmholz\u0027 myREX24 and myREX24.virtual version \u003c= 2.13.3.\u00a0An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-06T10:06:48.102Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2023-002/"
            }
          ],
          "source": {
            "advisory": "VDE-2023-002",
            "defect": [
              "CERT@VDE#64404"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Helmholz and MB Connect Line: Account takeover via password reset in multiple products",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2023-0985",
        "datePublished": "2023-06-06T10:06:48.102Z",
        "dateReserved": "2023-02-23T14:11:49.473Z",
        "dateUpdated": "2025-01-07T19:20:21.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22520 (GCVE-0-2022-22520)

    Vulnerability from cvelistv5 – Published: 2022-09-14 14:05 – Updated: 2024-09-17 04:14
    VLAI
    Title
    User enumeration vulnerability in MB connect line and Helmholz products
    Summary
    A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
    CWE
    • CWE-204 - Response Discrepancy Information Exposure
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    SySS GmbH reported this vulnerability to Helmholz. Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz & MB connect line.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:14:55.402Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "SySS GmbH reported this vulnerability to Helmholz.  Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204 Response Discrepancy Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to Version 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2022-011",
            "discovery": "EXTERNAL"
          },
          "title": "User enumeration vulnerability in MB connect line and Helmholz products",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2022-22520",
              "STATE": "PUBLIC",
              "TITLE": "User enumeration vulnerability in MB connect line and Helmholz products"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "SySS GmbH reported this vulnerability to Helmholz.  Helmholz reported this vulnerability to MB connect line. CERT@VDE coordinated with Helmholz \u0026 MB connect line."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-204 Response Discrepancy Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-011",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-011"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to Version 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2022-011",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2022-22520",
        "datePublished": "2022-09-14T14:05:30.024Z",
        "dateReserved": "2022-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:14:21.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34574 (GCVE-0-2021-34574)

    Vulnerability from cvelistv5 – Published: 2021-08-02 10:24 – Updated: 2024-09-16 18:14
    VLAI
    Title
    Password policy evasion in products of MB connect line and Helmholz
    Summary
    In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.
    CWE
    • CWE-669 - Incorrect Resource Transfer Between Spheres
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:46.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-669",
                  "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:29.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030, VDE-2022-039",
            "discovery": "EXTERNAL"
          },
          "title": "Password policy evasion in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2021-34574",
              "STATE": "PUBLIC",
              "TITLE": "Password policy evasion in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-669 Incorrect Resource Transfer Between Spheres"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-030",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-030"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030, VDE-2022-039",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2021-34574",
        "datePublished": "2021-08-02T10:24:31.932Z",
        "dateReserved": "2021-06-10T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:14:15.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-12527 (GCVE-0-2020-12527)

    Vulnerability from cvelistv5 – Published: 2021-03-02 21:15 – Updated: 2024-09-16 20:43
    VLAI
    Title
    Improper Access Validation in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Date Public
    2022-09-07 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:56:52.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "mymbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2.6.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "mbCONNECT24",
              "vendor": "MB connect line",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2.6.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24",
              "vendor": "Helmholz",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.2",
                  "status": "affected",
                  "version": "2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "myREX24.virtual",
              "vendor": "Helmholz",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.11.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-16T06:10:07.000Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-003",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Validation in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "info@cert.vde.com",
              "DATE_PUBLIC": "2022-09-07T12:50:00.000Z",
              "ID": "CVE-2020-12527",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Validation in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "mymbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.6.2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "mbCONNECT24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2.6.2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "MB connect line"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "myREX24",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "myREX24.virtual",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "2",
                                "version_value": "2.11.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Helmholz"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-269 Improper Privilege Management"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-003",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2020-12527",
        "datePublished": "2021-03-02T21:15:24.885Z",
        "dateReserved": "2020-04-30T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:43:07.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35561 (GCVE-0-2020-35561)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:49 – Updated: 2024-09-16 18:08
    VLAI
    Title
    SSRF in variuos products of MB connect line and Helmholz
    Summary
    An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Credits
    OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.415Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.12.1"
            }
          ],
          "source": {
            "advisory": "VDE-2021-030, VDE-2022-039",
            "discovery": "EXTERNAL"
          },
          "title": "SSRF in variuos products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35561",
              "STATE": "PUBLIC",
              "TITLE": "SSRF in variuos products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.12.1"
              }
            ],
            "source": {
              "advisory": "VDE-2021-030, VDE-2022-039",
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35561",
        "datePublished": "2021-02-16T15:49:45.850Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:08:12.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35568 (GCVE-0-2020-35568)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:44 – Updated: 2024-09-17 03:48
    VLAI
    Title
    Sensitive Information Exposure in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.128Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:27.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.12.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Sensitive Information Exposure in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35568",
              "STATE": "PUBLIC",
              "TITLE": "Sensitive Information Exposure in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.12.1"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35568",
        "datePublished": "2021-02-16T15:44:10.164Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:48:34.741Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35566 (GCVE-0-2020-35566)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:40 – Updated: 2024-09-16 22:31
    VLAI
    Title
    Local file inclusion vulnerability in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.375Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:26.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Local file inclusion vulnerability in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35566",
              "STATE": "PUBLIC",
              "TITLE": "Local file inclusion vulnerability in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35566",
        "datePublished": "2021-02-16T15:40:07.656Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:31:00.471Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35558 (GCVE-0-2020-35558)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:26 – Updated: 2024-09-16 20:02
    VLAI
    Title
    SSRF in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "SSRF in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35558",
              "STATE": "PUBLIC",
              "TITLE": "SSRF in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35558",
        "datePublished": "2021-02-16T15:26:11.394Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:02:23.622Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35570 (GCVE-0-2020-35570)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:23 – Updated: 2024-09-16 19:51
    VLAI
    Title
    Foreced Browsing vulnerability in products of MB connect line and Helmholz
    Summary
    An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:28.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Foreced Browsing vulnerability in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35570",
              "STATE": "PUBLIC",
              "TITLE": "Foreced Browsing vulnerability in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35570",
        "datePublished": "2021-02-16T15:23:53.959Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:51:23.987Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-35557 (GCVE-0-2020-35557)

    Vulnerability from cvelistv5 – Published: 2021-02-16 15:16 – Updated: 2024-09-16 17:42
    VLAI
    Title
    Improper Access Validation in products of MB connect line and Helmholz
    Summary
    An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2022-09-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:09:13.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://mbconnectline.com/security-advice/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-14T14:05:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://mbconnectline.com/security-advice/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to v2.12.1"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Improper Access Validation in products of MB connect line and Helmholz",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "DATE_PUBLIC": "2022-09-07T10:00:00.000Z",
              "ID": "CVE-2020-35557",
              "STATE": "PUBLIC",
              "TITLE": "Improper Access Validation in products of MB connect line and Helmholz"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://mbconnectline.com/security-advice/",
                  "refsource": "MISC",
                  "url": "https://mbconnectline.com/security-advice/"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2021-003",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2021-003"
                },
                {
                  "name": "https://cert.vde.com/en/advisories/VDE-2022-039",
                  "refsource": "CONFIRM",
                  "url": "https://cert.vde.com/en/advisories/VDE-2022-039"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to v2.12.1"
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-35557",
        "datePublished": "2021-02-16T15:16:06.296Z",
        "dateReserved": "2020-12-18T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:42:40.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }