An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory |
https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory |
https://mbconnectline.com/security-advice/ | Vendor Advisory |
Configurations
History
16 Feb 2023, 03:56
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://cert.vde.com/en/advisories/VDE-2021-003 - Third Party Advisory | |
References | (CONFIRM) https://cert.vde.com/en/advisories/VDE-2022-039 - Third Party Advisory | |
CPE | cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:* cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:* |
|
First Time |
Helmholz
Helmholz myrex24 Helmholz myrex24.virtual |
14 Sep 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials. |
19 Feb 2021, 19:57
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-918 | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:* cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:* |
|
References | (MISC) https://cert.vde.com/de-de/advisories/vde-2021-003 - Third Party Advisory | |
References | (MISC) https://mbconnectline.com/security-advice/ - Vendor Advisory |
16 Feb 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in thein the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials. |
16 Feb 2021, 16:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-16 16:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35558
Mitre link : CVE-2020-35558
CVE.ORG link : CVE-2020-35558
JSON object : View
Products Affected
mbconnectline
- mymbconnect24
- mbconnect24
helmholz
- myrex24.virtual
- myrex24
CWE
CWE-918
Server-Side Request Forgery (SSRF)