First published: Tue Feb 16 2021(Updated: )
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mbconnectline Mbconnect24 | <=2.11.2 | |
Mbconnectline Mymbconnect24 | <=2.11.2 | |
Helmholz myREX24 | <=2.11.2 | |
Helmholz Myrex24.virtual | <=2.11.2 |
Update to v2.12.1
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-35566 has a severity rating of medium (5.3).
CVE-2020-35566 affects mbCONNECT24 and myREX24 versions up to and including v2.11.2.
An attacker can exploit CVE-2020-35566 by exploiting a Local File Inclusion vulnerability to read arbitrary JSON files.
Yes, advisories for CVE-2020-35566 are available at the following URLs: [https://cert.vde.com/en/advisories/VDE-2021-003](https://cert.vde.com/en/advisories/VDE-2021-003) and [https://cert.vde.com/en/advisories/VDE-2022-039](https://cert.vde.com/en/advisories/VDE-2022-039).
The CWE ID for CVE-2020-35566 is 706.