CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

History

24 Oct 2023, 14:52

Type Values Removed Values Added
CPE cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*
First Time Mbconnectline mbconnect24
Helmholz
Mbconnectline
Mbconnectline mymbconnect24
Helmholz myrex24
Helmholz myrex24.virtual
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-041 - (MISC) https://cert.vde.com/en/advisories/VDE-2023-041 - Third Party Advisory
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-043 - (MISC) https://cert.vde.com/en/advisories/VDE-2023-043 - Third Party Advisory

16 Oct 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-16 09:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4834

Mitre link : CVE-2023-4834

CVE.ORG link : CVE-2023-4834


JSON object : View

Products Affected

helmholz

  • myrex24.virtual
  • myrex24

mbconnectline

  • mbconnect24
  • mymbconnect24
CWE
CWE-269

Improper Privilege Management