CVE-2023-34412

{"id": "CVE-2023-34412", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "info@cert.vde.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-08-17T14:15:09.700", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-012/", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-029/", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."}], "lastModified": "2024-02-29T01:39:49.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18903E70-B902-4182-B41D-666EB8C3B61C", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53454815-3E7A-4097-8FC7-2F7634DAF7E1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66925474-A4F6-4D7C-8163-290761406352", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_210_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "498A9C6F-FCEE-44F9-AC64-8C070E9E31A4", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1DBA39B6-4D76-44ED-847F-10B2BA96EB0F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_216_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2FEA63F-166C-4D08-8F49-8F1962CB97E2", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_216:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F530332-3BFB-43D3-AD5F-0B4410543BEA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_235_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35085939-39A2-482B-802F-77313F1CA63D", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_235:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "873AEDC5-A8B6-4B76-8A43-A3C6241ABE09"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_259_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EF81568-103C-408A-A575-33588BF5903B", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_259:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "031FFFE6-9C5F-47D9-8264-CC7C2D256941"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_811_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBE73666-D739-4C07-B7B4-31BBC0608C74", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_811:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "30C680F1-60C6-43BF-BE62-D9D49A609734"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_850_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12FBFD60-81BC-4B25-8AC5-E041E57A870E", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_850:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C293C0F8-EF07-4F19-A7B6-CE5EC170E042"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_871_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68D51AD3-E614-45C3-8163-9547DCD41FEB", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_871:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B4347DC3-2035-4328-91CE-3ABA912A3B7D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_831_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C06DD90C-4E6D-4836-99CA-16A0F0AAE6E1", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_831:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A275C2A8-D5B6-4B32-9080-5E41B51B4487"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_855_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1997B14-061F-47D6-8FF0-266D316211CB", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_855:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "055F9937-565E-4103-9E2A-0BB274B1D770"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_876_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A72C9074-B9A0-4DF9-9262-0937C6B2B3FF", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_876:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E152B4F0-44A1-45FD-A541-0E039479DC00"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_858_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "745A8264-D4A7-4431-83E0-63FA59A8E575", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_858:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0002E5EA-F173-4861-95D9-6996A51F08A0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_816_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD074843-119D-4738-8F52-D43B825AA472", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_816:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B61FB21C-AD6B-4BF8-A303-8C0122276B7A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_841_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAEF7742-A151-4139-A664-DE482CC1B830", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1C27B28-A5ED-4C25-B0B9-14D1E89A414B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_859_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AC171EC-9196-4DFA-A07F-C4DC8D1037DD", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_859:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "35427F3B-13D9-42E4-8547-0DC3A2B03662"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_835_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "967284B7-89DE-41E7-AD1F-61F0F3530944", "versionEndExcluding": "7.3.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_835:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53DA2CB3-9C62-4CE1-8DB8-2E7378D162E4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "info@cert.vde.com"}