CVE-2021-34574

Date: 2021-08-02 11:15:11
CWE: CWE-669
Source: CERTVDE
Reference: web.nvd.nist.gov
Tags: cve, 2021, 34574, password policy, authentication, security vulnerability, mb connect line, mymbconnect24, mbconnect24, helmholz myrex24, myrex24.virtual, nvd

CVSS2: 4
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3: 4.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score: 4.6
Confidence: High

EPSS: 0.001
Percentile: 19.4%

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual, in all versions through v2.11.2, an authenticated attacker can change the password of their own account to a new password that violates the password policy by intercepting and modifying the request that is sent to the server.

Affected configurations

Nvd
Node: mbconnectline mbconnect24 (Range 2.11.2) OR mbconnectline mymbconnect24 (Range 2.11.2)
Node: helmholz myrex24 (Range 2.11.2) OR helmholz myrex24.virtual (Range 2.11.2)

Vendor         Product          Version  CPE
mbconnectline  mbconnect24      *        cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*
mbconnectline  mymbconnect24    *        cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*
helmholz       myrex24          *        cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*
helmholz       myrex24.virtual  *        cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "mymbCONNECT24",
    "vendor": "MB connect line",
    "versions": [
      {
        "lessThanOrEqual": "2.11.2",
        "status": "affected",
        "version": "2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "mbCONNECT24",
    "vendor": "MB connect line",
    "versions": [
      {
        "lessThanOrEqual": "2.11.2",
        "status": "affected",
        "version": "2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "myREX24",
    "vendor": "Helmholz",
    "versions": [
      {
        "lessThanOrEqual": "2.11.2",
        "status": "affected",
        "version": "2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "myREX24.virtual",
    "vendor": "Helmholz",
    "versions": [
      {
        "lessThanOrEqual": "2.11.2",
        "status": "affected",
        "version": "2",
        "versionType": "custom"
      }
    ]
  }
]
