CVE-2023-4834

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

History

24 Oct 2023, 14:52

Type Values Removed Values Added
First Time Mbconnectline mbconnect24
Helmholz
Mbconnectline
Mbconnectline mymbconnect24
Helmholz myrex24
Helmholz myrex24.virtual
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-041 - (MISC) https://cert.vde.com/en/advisories/VDE-2023-041 - Third Party Advisory
References (MISC) https://cert.vde.com/en/advisories/VDE-2023-043 - (MISC) https://cert.vde.com/en/advisories/VDE-2023-043 - Third Party Advisory
CPE cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*
cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*

16 Oct 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-16 09:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4834

Mitre link : CVE-2023-4834

CVE.ORG link : CVE-2023-4834


JSON object : View

Products Affected

mbconnectline

  • mbconnect24
  • mymbconnect24

helmholz

  • myrex24.virtual
  • myrex24
CWE
CWE-269

Improper Privilege Management