CVE-2020-35566

MEDIUM

MymbCONNECT24 <v2.11.2 - Info Disclosure

Title source: llm

Description

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.

References (3)

[Vendor Advisory] https://mbconnectline.com/security-advice/

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2021-003

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2022-039

Scores

CVSS v3 5.3

EPSS 0.0024

EPSS Percentile 46.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-706

Status published

Products (4)

helmholz/myrex24 < 2.11.2

helmholz/myrex24.virtual < 2.11.2

mbconnectline/mbconnect24 < 2.11.2

mbconnectline/mymbconnect24 < 2.11.2

Published Feb 16, 2021

Tracked Since Feb 18, 2026