Improper Access Validation in products of MB connect line and Helmholz
CVE-2020-12527

6.5MEDIUM

Key Information:

Vendor: Mb Connect Line
Status: Mymbconnect24; Mbconnect24; Myrex24; Myrex24.virtual
Vendor: CVE Published:; 2 March 2021

🔔 Create Mb Connect Line Vulnerability Alert

What is CVE-2020-12527?

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.

Affected Version(s)

mbCONNECT24 2.6.2 <= 2.11.2

mymbCONNECT24 2.6.2 <= 2.11.2

myREX24 2 <= 2.11.2

References

https://cert.vde.com/en/advisories/VDE-2021-003

x_refsource_CONFIRM

https://cert.vde.com/en/advisories/VDE-2022-039

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2021
Vulnerability Reserved
Apr 30, 2020

Credit

OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.