CVE-2020-35570

MEDIUM

MymbCONNECT24 <2.11.2 - Info Disclosure

Title source: llm

Description

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.

References (3)

[Vendor Advisory] https://mbconnectline.com/security-advice/

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2021-003

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2022-039

Scores

CVSS v3 5.3

EPSS 0.0080

EPSS Percentile 74.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-425

Status published

Products (4)

helmholz/myrex24 < 2.11.2

helmholz/myrex24.virtual < 2.11.2

mbconnectline/mbconnect24 < 2.11.2

mbconnectline/mymbconnect24 < 2.11.2

Published Feb 16, 2021

Tracked Since Feb 18, 2026