Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250
CVE-2023-34412

4.8MEDIUM

Key Information:

Vendor

Red Lion Europe

Status
mbNET
mbNET.rokey
REX 200
REX 250
Vendor
CVE Published:
17 August 2023

What is CVE-2023-34412?

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

Affected Version(s)

mbNET 0 < 7.3.2

mbNET.rokey 0 < 7.3.2

REX 200 0 < 7.3.2

References

https://cert.vde.com/en/advisories/VDE-2023-012/
https://cert.vde.com/en/advisories/VDE-2023-029/

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2023-34412 : Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250