CVE-2020-35561
Summary
| CVE | CVE-2020-35561 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-02-16 16:15:00 UTC |
| Updated | 2023-02-16 04:00:00 UTC |
| Description | An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports. |
Risk And Classification
Problem Types: CWE-918
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Helmholz | Myrex24 | All | All | All | All |
| Application | Helmholz | Myrex24.virtual | All | All | All | All |
| Application | Mbconnectline | Mbconnect24 | All | All | All | All |
| Application | Mbconnectline | Mbconnect24 | All | All | All | All |
| Application | Mbconnectline | Mymbconnect24 | All | All | All | All |
| Application | Mbconnectline | Mymbconnect24 | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 <= 2.6.2 — German (Germany) | MISC | cert.vde.com | Third Party Advisory |
| VDE-2021-003 | CERT@VDE | CONFIRM | cert.vde.com | |
| Security Advice - MB connect line GmbH | MISC | mbconnectline.com | Vendor Advisory |
| VDE-2022-039 | CERT@VDE | CONFIRM | cert.vde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: OTORIO reported the vulnerabilities to MB connect line. CERT@VDE coordinated.
There are currently no legacy QID mappings associated with this CVE.