CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2023-041	Third Party Advisory
https://cert.vde.com/en/advisories/VDE-2023-043	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

History

24 Oct 2023, 14:52

Type	Values Removed	Values Added
First Time		Mbconnectline mymbconnect24 Helmholz myrex24 Helmholz myrex24.virtual Mbconnectline mbconnect24 Helmholz Mbconnectline
CPE		cpe:2.3:a:mbconnectline:mymbconnect24:::::::: cpe:2.3:a:mbconnectline:mbconnect24:::::::: cpe:2.3:a:helmholz:myrex24.virtual:::::::: cpe:2.3:a:helmholz:myrex24::::::::
References	~~(MISC) https://cert.vde.com/en/advisories/VDE-2023-043 -~~	(MISC) https://cert.vde.com/en/advisories/VDE-2023-043 - Third Party Advisory
References	~~(MISC) https://cert.vde.com/en/advisories/VDE-2023-041 -~~	(MISC) https://cert.vde.com/en/advisories/VDE-2023-041 - Third Party Advisory

16 Oct 2023, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-16 09:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-4834

Mitre link : CVE-2023-4834

CVE.ORG link : CVE-2023-4834

JSON object : View

Products Affected

helmholz

myrex24.virtual
myrex24

mbconnectline

mbconnect24
mymbconnect24

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2023-4834", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-10-16T09:15:11.830", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"}, {"lang": "es", "value": "En Red Lion Europe mbCONNECT24 y mymbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versi\u00f3n 2.14.2 incluida, una validaci\u00f3n de acceso implementada incorrectamente permite a un atacante autenticado y con pocos privilegios obtener acceso de lectura a informaci\u00f3n limitada y no cr\u00edtica del dispositivo a la que no deber\u00eda tener acceso en su cuenta."}], "lastModified": "2023-10-24T14:52:35.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B75F1E4-3DFA-4163-A9C7-8CF5C9A78562", "versionEndIncluding": "2.14.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "885E9E11-89FE-468F-8160-EC3B21E6CA77", "versionEndIncluding": "2.14.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2029F9FB-397A-490D-A86F-B2B39C516A79", "versionEndIncluding": "2.14.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F77AC2B-5B57-4CFF-A4F1-AA8E6B1B8C3B", "versionEndIncluding": "2.14.2"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}