First published: Tue Feb 16 2021(Updated: )
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.11.2 | |
Mbconnectline Mymbconnect24 | <=2.11.2 | |
Helmholz myREX24 | <=2.11.2 | |
Helmholz Myrex24.virtual | <=2.11.2 |
Update to v2.12.1
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-35557.
The severity of CVE-2020-35557 is medium with a CVSS score of 6.5.
Versions up to and including v2.11.2 of MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual are affected.
The issue allows a logged in user to view devices in their account that they should not have access to due to improper access validation.
Apply the latest updates and patches provided by MB connect line and Helmholz to mitigate the vulnerability.