Mbconnectline

Mymbconnect24

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2024-23943

  • EPSS 0.42%
  • Veröffentlicht 18.03.2025 11:15:39
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.

7.1

CVE-2024-23942

  • EPSS 0.03%
  • Veröffentlicht 18.03.2025 11:03:35
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A local user may find a configuration file on the client workstation with unencrypted sensitive data. This allows an attacker to impersonate the device or prevent the device from accessing the cloud portal which leads to a DoS.

7.8

CVE-2024-45273

  • EPSS 0.09%
  • Veröffentlicht 15.10.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 09:37:35

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.

7.5

CVE-2024-45272

  • EPSS 1.02%
  • Veröffentlicht 15.10.2024 11:15:11
  • Zuletzt bearbeitet 21.11.2024 09:37:35

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.

4.3

CVE-2023-4834

  • EPSS 0.11%
  • Veröffentlicht 16.10.2023 09:15:11
  • Zuletzt bearbeitet 21.11.2024 08:36:04

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-crit...

4.3

CVE-2023-1779

  • EPSS 0.08%
  • Veröffentlicht 06.06.2023 11:15:09
  • Zuletzt bearbeitet 21.11.2024 07:39:53

Exposure of Sensitive Information to an unauthorized actor vulnerability in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual in versions <=2.13.3 allow an authorized remote attacker with low privileges to view a l...

8.8

CVE-2023-0985

  • EPSS 0.03%
  • Veröffentlicht 06.06.2023 11:15:09
  • Zuletzt bearbeitet 21.11.2024 07:38:14

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the sa...

5.3

CVE-2022-22520

  • EPSS 0.3%
  • Veröffentlicht 14.09.2022 14:15:12
  • Zuletzt bearbeitet 21.11.2024 06:46:56

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.

7.5

CVE-2021-34580

  • EPSS 0.3%
  • Veröffentlicht 27.10.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:10:44

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.

7.5

CVE-2021-34575

  • EPSS 0.3%
  • Veröffentlicht 02.08.2021 11:15:11
  • Zuletzt bearbeitet 21.11.2024 06:10:44

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.