VDE-2026-030
Vulnerability from csaf_mbconnectlinegmbh - Published: 2026-04-02 11:00 - Updated: 2026-04-02 11:00Summary
MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24
Severity
Critical
Notes
Summary: Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.
Impact: CVE-2026-33613 allows RCE resulting in full system compromise impacting confidentiality, integrity, and availability. CVE-2026-33614 and CVE-2026-33616 allow unauthenticated SQLi resulting in arbitrary read access to the complete database, while CVE-2026-33615 results in arbitrary write access to the user table. Lastly CVE-2026-33617 allows unauthenticated access to some sensitive data.
Remediation: Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.
7.2 (High)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.4.
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
7.5 (High)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.
9.1 (Critical)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
7.5 (High)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.
5.3 (Medium)
Vendor Fix
Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.
References
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Moritz Abrell",
"Christian Z\u00e4ske"
],
"organization": "SySS GmbH",
"summary": "reporting",
"urls": [
"https://www.syss.de"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple vulnerabilities have been discovered in MB connect line mbCONNECT24/mymbCONNECT24 that could allow RCE, SQLi or information leakage.",
"title": "Summary"
},
{
"category": "description",
"text": "CVE-2026-33613 allows RCE resulting in full system compromise impacting confidentiality, integrity, and availability. CVE-2026-33614 and CVE-2026-33616 allow unauthenticated SQLi resulting in arbitrary read access to the complete database, while CVE-2026-33615 results in arbitrary write access to the user table. Lastly CVE-2026-33617 allows unauthenticated access to some sensitive data.",
"title": "Impact"
},
{
"category": "description",
"text": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security-team@mbconnectline.de",
"name": "MB connect line GmbH",
"namespace": "https://mbconnectline.com"
},
"references": [
{
"category": "external",
"summary": "Product security incident reports",
"url": "https://mbconnectline.com/security-advice"
},
{
"category": "self",
"summary": "Security Incident Management SIM#2026-03 - PDF",
"url": "https://advisories.mbconnectline.com/pdf/SIM2026-03.pdf"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for MB connect line",
"url": "https://certvde.com/en/advisories/vendor/mbconnectline"
},
{
"category": "self",
"summary": "VDE-2026-030: MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2026-030"
},
{
"category": "self",
"summary": "VDE-2026-030: MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24 - CSAF",
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json"
}
],
"title": "MB connect line: Multiple Vulnerabilities in mbCONNECT24/mymbCONNECT24",
"tracking": {
"aliases": [
"VDE-2026-030",
"SIM#2026-03"
],
"current_release_date": "2026-04-02T11:00:00.000Z",
"generator": {
"date": "2026-03-30T06:13:11.100Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.44-1-gc13b05bd"
}
},
"id": "VDE-2026-030",
"initial_release_date": "2026-04-02T11:00:00.000Z",
"revision_history": [
{
"date": "2026-04-02T11:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "mbCONNECT24",
"product": {
"name": "MB connect line mbCONNECT24",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"cpe": "cpe:2.3:h:mb_connect_line:mbCONNECT24:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mymbCONNECT24",
"product": {
"name": "MB connect line mymbCONNECT24",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"cpe": "cpe:2.3:h:mb_connect_line:mymbCONNECT24:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:semver/\u003c=2.19.4",
"product": {
"name": "Firmware \u003c=2.19.4",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2.19.5",
"product": {
"name": "Firmware 2.19.5",
"product_id": "CSAFPID-21002",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mbconnect24_firmware:2.19.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "2.19.4",
"product": {
"name": "Firmware 2.19.4",
"product_id": "CSAFPID-21003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mbconnect24_firmware:2.19.3:*:*:*:*:*:*:*"
}
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "MB connect line"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.19.4 installed on MB connect line mbCONNECT24",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.19.4 installed on MB connect line mymbCONNECT24",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.4 installed on MB connect line mbCONNECT24",
"product_id": "CSAFPID-31003",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mbconnect24:2.19.4:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.4 installed on MB connect line mymbCONNECT24",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mymbconnect24:2.19.4:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.5 installed on MB connect line mbCONNECT24",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mbconnect24:2.19.5:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.19.5 installed on MB connect line mymbCONNECT24",
"product_id": "CSAFPID-31006",
"product_identification_helper": {
"cpe": "cpe:2.3:o:mb_connect_line:mymbconnect24:2.19.5:*:*:*:*:*:*:*"
}
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11002"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33613",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\n\nThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.4.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "RCE in generateSrpArray"
},
{
"cve": "CVE-2026-33614",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in getinfo Endpoint"
},
{
"cve": "CVE-2026-33615",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in setinfo Endpoint"
},
{
"cve": "CVE-2026-33616",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated SQLi in mb24api Endpoint"
},
{
"cve": "CVE-2026-33617",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these credentials.",
"title": "CVE Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-31005",
"CSAFPID-31006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update the mbCONNECT24/mymbCONNECT24 instance to version 2.19.5.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004"
]
}
],
"title": "Unauthenticated information disclosure in data24 Endpoint"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…