VDE-2023-043
Last update
16.10.2023 10:38
Published at
16.10.2023 10:38
Vendor(s)
Helmholz GmbH & Co. KG
External ID
VDE-2023-043
CSAF Document
Summary
A vulnerability in the affected products allows an authenticated, low-privileged attacker to gain unauthorized read access to limited, non-critical device information. The issue arises from improper access validation.
Impact
An authenticated, low privileged attacker can gain read access to limited, non-critical device information in his account he should not have access to.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| myREX24 <=2.14.2 | myREX24 <=2.14.2 | |
| myREX24.virtual <=2.14.2 | myREX24.virtual <=2.14.2 |
Vulnerabilities
Expand / Collapse all
Published
22.09.2025 14:57
Severity
Weakness
Improper Privilege Management (CWE-269)
Summary
In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.
References
Remediation
Update to latest Version 2.14.3
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 16.10.2023 10:38 | Initial revision. |