CVE-2023-0985

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. This allows to take over the admin user and therefore fully compromise the account.
References
Link Resource
https://cert.vde.com/en/advisories/VDE-2023-002/ Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

History

15 Jun 2023, 12:04

Type Values Removed Values Added
CPE cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-002/ - (MISC) https://cert.vde.com/en/advisories/VDE-2023-002/ - Mitigation, Third Party Advisory
First Time Mbconnectline
Mbconnectline mbconnect24
Mbconnectline mymbconnect24

06 Jun 2023, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-06 11:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-0985

Mitre link : CVE-2023-0985

CVE.ORG link : CVE-2023-0985


JSON object : View

Products Affected

mbconnectline

  • mbconnect24
  • mymbconnect24
CWE
CWE-639

Authorization Bypass Through User-Controlled Key