An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory |
https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory |
https://mbconnectline.com/security-advice/ | Vendor Advisory |
Configurations
History
16 Feb 2023, 04:03
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://cert.vde.com/en/advisories/VDE-2021-003 - Third Party Advisory | |
References | (CONFIRM) https://cert.vde.com/en/advisories/VDE-2022-039 - Third Party Advisory | |
First Time |
Helmholz
Helmholz myrex24 Helmholz myrex24.virtual |
|
CPE | cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:* cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:* |
14 Sep 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. | |
References |
|
|
19 Feb 2021, 20:06
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://cert.vde.com/de-de/advisories/vde-2021-003 - Third Party Advisory | |
References | (MISC) https://mbconnectline.com/security-advice/ - Vendor Advisory | |
CWE | CWE-425 | |
CPE | cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:* cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:* |
16 Feb 2021, 16:41
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-16 16:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35570
Mitre link : CVE-2020-35570
CVE.ORG link : CVE-2020-35570
JSON object : View
Products Affected
helmholz
- myrex24.virtual
- myrex24
mbconnectline
- mbconnect24
- mymbconnect24
CWE
CWE-425
Direct Request ('Forced Browsing')