Description
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
References (2)
Core 2
Core References
Not Applicable x_refsource_confirm
https://cert.vde.com/en/advisories/VDE-2022-039
Third Party Advisory, VDB Entry x_refsource_confirm
https://cert.vde.com/en/advisories/VDE-2022-011
Scores
CVSS v3
5.3
EPSS
0.0079
EPSS Percentile
51.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-204
Status
published
Products (4)
helmholz/myrex24
< 2.11.2
helmholz/myrex24.virtual
< 2.11.2
mbconnectline/mbconnect24
< 2.11.2
mbconnectline/mymbconnect24
< 2.11.2
Published
Sep 14, 2022
Tracked Since
Feb 18, 2026