An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
References
Link | Resource |
---|---|
https://cert.vde.com/en/advisories/VDE-2021-003 | Third Party Advisory |
https://cert.vde.com/en/advisories/VDE-2022-039 | Third Party Advisory |
https://mbconnectline.com/security-advice/ | Vendor Advisory |
Configurations
History
14 Sep 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation. | |
CWE | CWE-269 |
Information
Published : 2021-02-16 16:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-35557
Mitre link : CVE-2020-35557
CVE.ORG link : CVE-2020-35557
JSON object : View
Products Affected
mbconnectline
- mbconnect24
- mymbconnect24
helmholz
- myrex24.virtual
- myrex24
CWE
CWE-269
Improper Privilege Management