CVE-2023-4834: VDE-2023-043 | CERT@VDE

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual, versions up to and including 2.14.2, improperly implemented access validation allows an authenticated, low-privileged attacker to gain read access to limited, non-critical device information in their account that they should not have access to.

2023-10-16 10:38 (CEST) VDE-2023-043

Helmholz: Vulnerability allows access to non-critical information in myREX24 and myREX24.virtual

Published: 2023-10-16 10:38 (CEST)

Last update: 2023-10-16 10:38 (CEST)

Vendor(s): Helmholz GmbH & Co. KG

Product(s)

Article No° | Product Name | Affected Version(s)
- | myREX24 | <= 2.14.2
- | myREX24.virtual | <= 2.14.2

CVE ID

Last Update: Oct. 16, 2023, 10:59 a.m.

Severity

Weakness: Improper Privilege Management (CWE-269)

Summary

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual, versions up to and including 2.14.2, improperly implemented access validation allows an authenticated, low-privileged attacker to gain read access to limited, non-critical device information in their account that they should not have access to.

Details

Solution

Update to the latest version, 2.14.3.

Reported by

OTORIO reported the vulnerabilities to Red Lion Europe.

Red Lion Europe reported the vulnerabilities to Helmholz.

CERT@VDE coordinated.
