MB connect line: Vulnerability allows access to non-critical information in mbCONNECT24 and mymbCONNECT24

VDE-2023-041

Last update

16.10.2023 10:38

Published at

16.10.2023 10:38

Vendor(s)

MB connect line GmbH

External ID

VDE-2023-041

CSAF Document

Download

Summary

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

Impact

An authenticated, low privileged attacker can gain read access to limited, non-critical device information in his account he should not have access to.

Affected Product(s)

Model no.	Product name	Affected versions
	mbCONNECT24 <=2.14.2	mbCONNECT24 <=2.14.2
	mymbCONNECT24 <=2.14.2	mymbCONNECT24 <=2.14.2

Vulnerabilities

Expand / Collapse all

Published

22.09.2025 14:58

Severity

4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness

Improper Privilege Management (CWE-269)

Summary

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

References

cve.org | nvd.nist.gov

Remediation

Update to latest Version 2.14.3

Revision History

Version	Date	Summary
1.0.0	16.10.2023 10:38	Initial revision.

MB connect line: Vulnerability allows access to non-critical information in mbCONNECT24 and mymbCONNECT24

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2023-4834 4.3

Remediation

Revision History