In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2023-041 | Third Party Advisory |
https://cert.vde.com/en/advisories/VDE-2023-043 | Third Party Advisory |
Configurations
History
24 Oct 2023, 14:52
Type | Values Removed | Values Added |
---|---|---|
First Time |
Mbconnectline mbconnect24
Helmholz Mbconnectline Mbconnectline mymbconnect24 Helmholz myrex24 Helmholz myrex24.virtual |
|
References | (MISC) https://cert.vde.com/en/advisories/VDE-2023-041 - Third Party Advisory | |
References | (MISC) https://cert.vde.com/en/advisories/VDE-2023-043 - Third Party Advisory | |
CPE | cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:* cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:* cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:* cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:* |
16 Oct 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-16 09:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4834
Mitre link : CVE-2023-4834
CVE.ORG link : CVE-2023-4834
JSON object : View
Products Affected
mbconnectline
- mbconnect24
- mymbconnect24
helmholz
- myrex24.virtual
- myrex24
CWE
CWE-269
Improper Privilege Management