CVE-2021-34574

MEDIUM

mymbCONNECT24 - Auth Bypass

Title source: llm

Description

In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting and modifying the request that is send to the server.

References (2)

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2022-039

[Third Party Advisory] https://cert.vde.com/en/advisories/VDE-2021-030

Scores

CVSS v3 4.3

EPSS 0.0026

EPSS Percentile 49.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-669

Status published

Products (4)

helmholz/myrex24 < 2.11.2

helmholz/myrex24.virtual < 2.11.2

mbconnectline/mbconnect24 < 2.11.2

mbconnectline/mymbconnect24 < 2.11.2

Published Aug 02, 2021

Tracked Since Feb 18, 2026