First published: Tue Feb 16 2021
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.11.2 | |
Mbconnectline Mymbconnect24 | <=2.11.2 | |
Helmholz myREX24 | <=2.11.2 | |
Helmholz Myrex24.virtual | <=2.11.2 | Update to v2.12.1 |
The vulnerability ID of this issue is CVE-2020-35558.
The severity of CVE-2020-35558 is high, with a score of 7.5.
CVE-2020-35558 affects versions up to and including 2.11.2 of the following software: MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and Helmholz myREX24.virtual.
CVE-2020-35558 is an SSRF vulnerability in the MySQL access check of MB connect line mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and Helmholz myREX24.virtual versions up to and including 2.11.2, allowing attackers to scan for open ports and gain information about possible credentials.
To fix CVE-2020-35558, it is recommended to update the affected software to a version beyond 2.11.2. Additionally, follow any security advice provided by the software vendor.