
CVSS: 8.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. • https://cert.vde.com/en/advisories/VDE-2024-056 https://cert.vde.com/en/advisories/VDE-2024-066 • CWE-20: Improper Input Validation; CWE-116: Improper Encoding or Escaping of Output

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command. Helmholz Industrial Router REX100 and MBConnectline mbNET.mini versions 2.2.11 and below suffer from a command injection vulnerability. • http://seclists.org/fulldisclosure/2024/Jul/6 https://cert.vde.com/en/advisories/VDE-2024-030 https://cert.vde.com/en/advisories/VDE-2024-032 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 4.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2, an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account that he should not have access to. • https://cert.vde.com/en/advisories/VDE-2023-041 https://cert.vde.com/en/advisories/VDE-2023-043 • CWE-269: Improper Privilege Management

CVSS: 5.4 • EPSS: 0% • CPEs: 34 • EXPL: 0

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS). • https://cert.vde.com/en/advisories/VDE-2023-012 https://cert.vde.com/en/advisories/VDE-2023-029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. • https://cert.vde.com/en/advisories/VDE-2022-011 https://cert.vde.com/en/advisories/VDE-2022-039 • CWE-204: Observable Response Discrepancy