Lucene search

[email protected]NVD:CVE-2023-4834

HistoryOct 16, 2023 - 9:15 a.m.

CVE-2023-4834

2023-10-1609:15:11

CWE-269

[email protected]

web.nvd.nist.gov

red lion europe mbconnect24

helmholz myrex24 virtual

improper access validation

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

Affected configurations

NVD

Node

helmholzmyrex24Range≤2.14.2

Node

helmholzmyrex24.virtualRange≤2.14.2

Node

mbconnectlinembconnect24Range≤2.14.2

Node

mbconnectlinemymbconnect24Range≤2.14.2

References

cert.vde.com/en/advisories/VDE-2023-041

cert.vde.com/en/advisories/VDE-2023-043

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Related for NVD:CVE-2023-4834

prion1 cvelist1 cve1