Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-33616 (GCVE-0-2026-33616)
Vulnerability from cvelistv5 – Published: 2026-04-02 08:59 – Updated: 2026-04-02 13:08
VLAI?
EPSS
Title
MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint
Summary
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://certvde.com/de/advisories/VDE-2026-030 | vendor-advisory |
| https://mbconnectline.csaf-tp.certvde.com/.well-k… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MB connect line | mbCONNECT24 |
Affected:
0.0.0 , ≤ 2.19.4
(semver)
|
|
| MB connect line | mymbCONNECT24 |
Affected:
0.0.0 , ≤ 2.19.4
(semver)
|
Date Public ?
2026-04-02 09:00
Credits
Moritz Abrell, Christian Zäske from SySS GmbH
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33616",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T13:08:03.527993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:08:18.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.19.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "mymbCONNECT24",
"vendor": "MB connect line",
"versions": [
{
"lessThanOrEqual": "2.19.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"
}
],
"datePublic": "2026-04-02T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.\u003cbr\u003e"
}
],
"value": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T08:59:55.743Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://certvde.com/de/advisories/VDE-2026-030"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
}
],
"source": {
"advisory": "VDE-2026-030",
"defect": [
"CERT@VDE#641994"
],
"discovery": "EXTERNAL"
},
"title": "MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2026-33616",
"datePublished": "2026-04-02T08:59:55.743Z",
"dateReserved": "2026-03-23T13:15:49.382Z",
"dateUpdated": "2026-04-02T13:08:18.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-33616",
"date": "2026-05-24",
"epss": "0.00052",
"percentile": "0.16196"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-33616\",\"sourceIdentifier\":\"info@cert.vde.com\",\"published\":\"2026-04-02T10:16:17.080\",\"lastModified\":\"2026-04-16T15:41:30.207\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"info@cert.vde.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.19.4\",\"matchCriteriaId\":\"FF88F461-51FB-482C-A406-07F72FC10D79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.19.4\",\"matchCriteriaId\":\"36E8693F-94C4-46A4-BD83-D87B71B89F12\"}]}]}],\"references\":[{\"url\":\"https://certvde.com/de/advisories/VDE-2026-030\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json\",\"source\":\"info@cert.vde.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33616\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-02T13:08:03.527993Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-02T13:08:15.347Z\"}}], \"cna\": {\"title\": \"MB connect line mbCONNECT24 vulnerable to an unauthenticated SQL injection in the mb24api Endpoint\", \"source\": {\"defect\": [\"CERT@VDE#641994\"], \"advisory\": \"VDE-2026-030\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Moritz Abrell, Christian Z\\u00e4ske from SySS GmbH\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"MB connect line\", \"product\": \"mbCONNECT24\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.19.4\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"MB connect line\", \"product\": \"mymbCONNECT24\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.19.4\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-02T09:00:00.000Z\", \"references\": [{\"url\": \"https://certvde.com/de/advisories/VDE-2026-030\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"shortName\": \"CERTVDE\", \"dateUpdated\": \"2026-04-02T08:59:55.743Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-33616\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-02T13:08:18.951Z\", \"dateReserved\": \"2026-03-23T13:15:49.382Z\", \"assignerOrgId\": \"270ccfa6-a436-4e77-922e-914ec3a9685c\", \"datePublished\": \"2026-04-02T08:59:55.743Z\", \"assignerShortName\": \"CERTVDE\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-33616
Vulnerability from fkie_nvd - Published: 2026-04-02 10:16 - Updated: 2026-04-16 15:41
Severity ?
Summary
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
References
| URL | Tags | ||
|---|---|---|---|
| info@cert.vde.com | https://certvde.com/de/advisories/VDE-2026-030 | Third Party Advisory | |
| info@cert.vde.com | https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mbconnectline | mbconnect24 | * | |
| mbconnectline | mymbconnect24 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF88F461-51FB-482C-A406-07F72FC10D79",
"versionEndIncluding": "2.19.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36E8693F-94C4-46A4-BD83-D87B71B89F12",
"versionEndIncluding": "2.19.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality."
}
],
"id": "CVE-2026-33616",
"lastModified": "2026-04-16T15:41:30.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "info@cert.vde.com",
"type": "Primary"
}
]
},
"published": "2026-04-02T10:16:17.080",
"references": [
{
"source": "info@cert.vde.com",
"tags": [
"Third Party Advisory"
],
"url": "https://certvde.com/de/advisories/VDE-2026-030"
},
{
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
],
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
}
],
"sourceIdentifier": "info@cert.vde.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "info@cert.vde.com",
"type": "Primary"
}
]
}
GHSA-4CXQ-66M5-GVGM
Vulnerability from github – Published: 2026-04-02 12:31 – Updated: 2026-04-02 12:31
VLAI?
Details
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2026-33616"
],
"database_specific": {
"cwe_ids": [
"CWE-89"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-02T10:16:17Z",
"severity": "HIGH"
},
"details": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
"id": "GHSA-4cxq-66m5-gvgm",
"modified": "2026-04-02T12:31:05Z",
"published": "2026-04-02T12:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33616"
},
{
"type": "WEB",
"url": "https://certvde.com/de/advisories/VDE-2026-030"
},
{
"type": "WEB",
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
VDE-2026-030
Vulnerability from csaf_mbconnectlinegmbh - Published: 2026-04-02 11:00 - Updated: 2026-04-02 11:00Summary
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24
Severity
Critical
Notes
Summary: Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
Impact: CVE-2026-33613 allows RCE resulting in full system compromise impacting confidentiality, integrity, and availability. CVE-2026-33614 and CVE-2026-33616 allow unauthenticated SQLi resulting in arbitrary read access to the complete database, while CVE-2026-33615 results in arbitrary write access to the user table. Lastly CVE-2026-33617 allows unauthenticated access to some sensitive data.
Remediation: Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.
7.2 (High)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.4.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
7.5 (High)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
9.1 (Critical)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
7.5 (High)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.
5.3 (Medium)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
References
5 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Moritz Abrell",
"Christian Z\u00e4ske"
],
"organization": "SySS GmbH",
"summary": "reporting",
"urls": [
"https://www.syss.de"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.",
"title": "Summary"
},
{
"category": "description",
"text": "CVE-2026-33613 allows RCE resulting in full system compromise impacting confidentiality, integrity, and availability. CVE-2026-33614 and CVE-2026-33616 allow unauthenticated SQLi resulting in arbitrary read access to the complete database, while CVE-2026-33615 results in arbitrary write access to the user table. Lastly CVE-2026-33617 allows unauthenticated access to some sensitive data.",
"title": "Impact"
},
{
"category": "description",
"text": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security-team@mbconnectline.de",
"name": "MB connect line GmbH",
"namespace": "https://mbconnectline.com"
},
"references": [
{
"category": "external",
"summary": "Product security incident reports",
"url": "https://mbconnectline.com/security-advice"
},
{
"category": "self",
"summary": "Security Incident Management SIM#2026-03 - PDF",
"url": "https://advisories.mbconnectline.com/pdf/SIM2026-03.pdf"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for MB connect line",
"url": "https://certvde.com/en/advisories/vendor/mbconnectline"
},
{
"category": "self",
"summary": "VDE-2026-030: MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-030"
},
{
"category": "self",
"summary": "VDE-2026-030: MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 - CSAF",
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
}
],
"title": "MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24",
"tracking": {
"aliases": [
"VDE-2026-030",
"SIM#2026-03"
],
"current_release_date": "2026-04-02T11:00:00.000Z",
"generator": {
"date": "2026-03-30T06:13:11.100Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44-1-gc13b05bd"
}
},
"id": "VDE-2026-030",
"initial_release_date": "2026-04-02T11:00:00.000Z",
"revision_history": [
{
"date": "2026-04-02T11:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "mbCONNECT24",
"product": {
"name": "MB connect line mbCONNECT24",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:mb_connect_line:mbCONNECT24:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mymbCONNECT24",
"product": {
"name": "MB connect line mymbCONNECT24",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:mb_connect_line:mymbCONNECT24:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c=2.19.4",
"product": {
"name": "Firmware \u003c=2.19.4",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2.19.5",
"product": {
"name": "Firmware 2.19.5",
"product_id": "CSAFPID-21002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mbconnect24_firmware:2.19.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "2.19.4",
"product": {
"name": "Firmware 2.19.4",
"product_id": "CSAFPID-21003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mbconnect24_firmware:2.19.3:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "MB connect line"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.19.4 installed on MB connect line mbCONNECT24",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.19.4 installed on MB connect line mymbCONNECT24",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.4 installed on MB connect line mbCONNECT24",
"product_id": "CSAFPID-31003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mbconnect24:2.19.4:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.4 installed on MB connect line mymbCONNECT24",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mymbconnect24:2.19.4:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.5 installed on MB connect line mbCONNECT24",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mbconnect24:2.19.5:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.5 installed on MB connect line mymbCONNECT24",
"product_id": "CSAFPID-31006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mymbconnect24:2.19.5:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33613",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\n\nThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.4.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "RCE in generateSrpArray"
},
{
"cve": "CVE-2026-33614",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in getinfo Endpoint"
},
{
"cve": "CVE-2026-33615",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in setinfo Endpoint"
},
{
"cve": "CVE-2026-33616",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in mb24api Endpoint"
},
{
"cve": "CVE-2026-33617",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated information disclosure in data24 Endpoint"
}
]
}
VDE-2026-043
Vulnerability from csaf_helmholzgmbhcokg - Published: 2026-04-13 11:00 - Updated: 2026-05-22 13:00Summary
Helmholz: Multiple Vulnerabilities in myREX24V2/myREX24V2.virtual
Severity
Critical
Notes
Summary: Multiple vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual that could allow RCE, SQLi or information leakage.
Impact: CVE-2026-33613 allows RCE resulting in full system compromise impacting confidentiality, integrity, and availability. CVE-2026-33614 and CVE-2026-33616 allow unauthenticated SQLi resulting in arbitrary read access to the complete database, while CVE-2026-33615 results in arbitrary write access to the user table. Lastly CVE-2026-33617 allows unauthenticated access to some sensitive data.
Remediation: Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.
Disclaimer: Helmholz shall not be held responsible for any indirect, incidental, special, or consequential damages arising from the distribution or use of this document, or from any actions taken in reliance upon its contents. The information contained herein is provided by Helmholz in good faith and free of charge. To the extent permitted under applicable law, such information does not constitute any representation, warranty, guarantee, contractual commitment, or legal obligation on the part of Helmholz. Users remain solely responsible for evaluating the suitability and impact of the information on their specific systems or installations prior to implementation. If any adverse effects are identified, the information must not be applied.
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.
7.2 (High)
Vendor Fix
Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
7.5 (High)
Vendor Fix
Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
9.1 (Critical)
Vendor Fix
Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
7.5 (High)
Vendor Fix
Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.
5.3 (Medium)
Vendor Fix
Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — |
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Moritz Abrell",
"Christian Z\u00e4ske"
],
"organization": "SySS GmbH",
"summary": "reporting",
"urls": [
"https://www.syss.de"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been discovered in Helmholz myREX24V2/myREX24V2.virtual that could allow RCE, SQLi or information leakage.",
"title": "Summary"
},
{
"category": "description",
"text": "CVE-2026-33613 allows RCE resulting in full system compromise impacting confidentiality, integrity, and availability. CVE-2026-33614 and CVE-2026-33616 allow unauthenticated SQLi resulting in arbitrary read access to the complete database, while CVE-2026-33615 results in arbitrary write access to the user table. Lastly CVE-2026-33617 allows unauthenticated access to some sensitive data.",
"title": "Impact"
},
{
"category": "description",
"text": "Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.",
"title": "Remediation"
},
{
"category": "legal_disclaimer",
"text": "Helmholz shall not be held responsible for any indirect, incidental, special, or consequential damages arising from the distribution or use of this document, or from any actions taken in reliance upon its contents. The information contained herein is provided by Helmholz in good faith and free of charge. To the extent permitted under applicable law, such information does not constitute any representation, warranty, guarantee, contractual commitment, or legal obligation on the part of Helmholz. Users remain solely responsible for evaluating the suitability and impact of the information on their specific systems or installations prior to implementation. If any adverse effects are identified, the information must not be applied.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@helmholz.de",
"name": "Helmholz GmbH \u0026 Co. KG",
"namespace": "https://www.helmholz.de"
},
"references": [
{
"category": "self",
"summary": "Security Incident Management SIM#2026-03 - PDF",
"url": "https://advisories.helmholz.com/pdf/SIM2026-03.pdf"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Helmholz",
"url": "https://certvde.com/en/advisories/vendor/helmholz"
},
{
"category": "self",
"summary": "VDE-2026-043: Helmholz: Multiple Vulnerabilities in myREX24V2/myREX24V2.virtual - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-043"
},
{
"category": "self",
"summary": "VDE-2026-043: Helmholz: Multiple Vulnerabilities in myREX24V2/myREX24V2.virtual - CSAF",
"url": "https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-043.json"
}
],
"title": "Helmholz: Multiple Vulnerabilities in myREX24V2/myREX24V2.virtual",
"tracking": {
"aliases": [
"VDE-2026-043",
"SIM#2026-03"
],
"current_release_date": "2026-05-22T13:00:00.000Z",
"generator": {
"date": "2026-04-13T11:35:08.245Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.47"
}
},
"id": "VDE-2026-043",
"initial_release_date": "2026-04-13T11:00:00.000Z",
"revision_history": [
{
"date": "2026-04-13T11:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2026-05-22T13:00:00.000Z",
"number": "2.0.0",
"summary": "Typo Fix"
}
],
"status": "final",
"version": "2.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "myREX24V2",
"product": {
"name": "Helmholz myREX24V2",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:helmholz:myREX24V2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "myREX24V2.virtual",
"product": {
"name": "Helmholz myREX24V2.virtual",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:helmholz:myREX24V2virtual:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c=2.19.4",
"product": {
"name": "Firmware \u003c=2.19.4",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2.19.5",
"product": {
"name": "Firmware 2.19.5",
"product_id": "CSAFPID-21002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:helmholz:myREX24V2_firmware:2.19.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "2.19.4",
"product": {
"name": "Firmware 2.19.4",
"product_id": "CSAFPID-21003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:helmholz:myREX24V2_firmware:2.19.4:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Helmholz"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.19.4 installed on Helmholz myREX24V2",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.19.4 installed on Helmholz myREX24V2.virtual",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.4 installed on Helmholz myREX24V2",
"product_id": "CSAFPID-31003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:helmholz:myREX24V2:2.19.4:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.4 installed on Helmholz myREX24V2.virtual",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:helmholz:myREX24V2virtual:2.19.4:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.5 installed on Helmholz myREX24V2",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:helmholz:myREX24V2:2.19.5:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.5 installed on Helmholz myREX24V2.virtual",
"product_id": "CSAFPID-31006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:helmholz:myREX24V2virtual:2.19.5:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33613",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\n\nThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "RCE in generateSrpArray"
},
{
"cve": "CVE-2026-33614",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in getinfo Endpoint"
},
{
"cve": "CVE-2026-33615",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in setinfo Endpoint"
},
{
"cve": "CVE-2026-33616",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in mb24api Endpoint"
},
{
"cve": "CVE-2026-33617",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the myREX24V2/myREX24V2.virtual instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated information disclosure in data24 Endpoint"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…