{"api_version":"1","generated_at":"2026-04-23T13:49:58+00:00","cve":"CVE-2020-35558","urls":{"html":"https://cve.report/CVE-2020-35558","api":"https://cve.report/api/cve/CVE-2020-35558.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-35558","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-35558"},"summary":{"title":"CVE-2020-35558","description":"An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-02-16 16:15:00","updated_at":"2023-02-16 03:56:00"},"problem_types":["CWE-918"],"metrics":[],"references":[{"url":"https://cert.vde.com/de-de/advisories/vde-2021-003","name":"https://cert.vde.com/de-de/advisories/vde-2021-003","refsource":"MISC","tags":["Third Party Advisory"],"title":"MB connect line: Multiple vulnerabilites in mymbCONNECT24 and mbCONNECT24 <= 2.6.2 — German (Germany)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cert.vde.com/en/advisories/VDE-2021-003","name":"https://cert.vde.com/en/advisories/VDE-2021-003","refsource":"CONFIRM","tags":[],"title":"VDE-2021-003 | CERT@VDE","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://mbconnectline.com/security-advice/","name":"https://mbconnectline.com/security-advice/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Advice - MB connect line GmbH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cert.vde.com/en/advisories/VDE-2022-039","name":"https://cert.vde.com/en/advisories/VDE-2022-039","refsource":"CONFIRM","tags":[],"title":"VDE-2022-039 | CERT@VDE","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-35558","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35558","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"35558","vulnerable":"1","versionEndIncluding":"2.11.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"helmholz","cpe5":"myrex24","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35558","vulnerable":"1","versionEndIncluding":"2.11.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"helmholz","cpe5":"myrex24.virtual","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35558","vulnerable":"1","versionEndIncluding":"2.11.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mbconnectline","cpe5":"mbconnect24","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35558","vulnerable":"1","versionEndIncluding":"2.6.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mbconnectline","cpe5":"mbconnect24","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35558","vulnerable":"1","versionEndIncluding":"2.11.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mbconnectline","cpe5":"mymbconnect24","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35558","vulnerable":"1","versionEndIncluding":"2.6.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mbconnectline","cpe5":"mymbconnect24","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","DATE_PUBLIC":"2022-09-07T10:00:00.000Z","ID":"CVE-2020-35558","STATE":"PUBLIC","TITLE":"SSRF in products of MB connect line and Helmholz"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://mbconnectline.com/security-advice/","refsource":"MISC","url":"https://mbconnectline.com/security-advice/"},{"name":"https://cert.vde.com/en/advisories/VDE-2021-003","refsource":"CONFIRM","url":"https://cert.vde.com/en/advisories/VDE-2021-003"},{"name":"https://cert.vde.com/en/advisories/VDE-2022-039","refsource":"CONFIRM","url":"https://cert.vde.com/en/advisories/VDE-2022-039"}]},"solution":[{"lang":"eng","value":"Update to v2.12.1"}],"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2021-02-16 16:15:00","lastModifiedDate":"2023-02-16 03:56:00","problem_types":["CWE-918"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*","versionEndIncluding":"2.11.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*","versionEndIncluding":"2.11.2","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*","versionEndIncluding":"2.11.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*","versionEndIncluding":"2.11.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"35558","Ordinal":"195063","Title":"CVE-2020-35558","CVE":"CVE-2020-35558","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"35558","Ordinal":"1","NoteData":"An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an SSRF in thein the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"35558","Ordinal":"2","NoteData":"2021-02-16","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"35558","Ordinal":"3","NoteData":"2021-02-16","Type":"Other","Title":"Modified"}]}}}