Code injection

2021-02-1616:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

JSON

An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.

CPENameOperatorVersion
myrex24le2.11.2
myrex24.virtualle2.11.2
mbconnect24le2.11.2
mymbconnect24le2.11.2

Name	Operator	Version
myrex24	le	2.11.2
myrex24.virtual	le	2.11.2
mbconnect24	le	2.11.2
mymbconnect24	le	2.11.2

References

cert.vde.com/en/advisories/VDE-2021-003

cert.vde.com/en/advisories/VDE-2022-039

mbconnectline.com/security-advice/