CVE-2020-35566 - OpenCVE

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Helmholz	Myrex24 Myrex24.virtual
Mbconnectline	Mbconnect24 Mymbconnect24

Configuration 1 [-]

OR	cpe:2.3:a:mbconnectline:mbconnect24::::::::
	cpe:2.3:a:mbconnectline:mymbconnect24::::::::

Configuration 2 [-]

OR	cpe:2.3:a:helmholz:myrex24::::::::
	cpe:2.3:a:helmholz:myrex24.virtual::::::::

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2021-003
https://cert.vde.com/en/advisories/VDE-2022-039
https://mbconnectline.com/security-advice/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-16T15:40:07.656065Z

Updated: 2024-09-16T22:31:00.471Z

Reserved: 2020-12-18T00:00:00

Link: CVE-2020-35566

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-16T16:15:13.567

Modified: 2023-02-16T04:00:47.157

Link: CVE-2020-35566

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2022-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-14T14:05:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://mbconnectline.com/security-advice/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en/advisories/VDE-2021-003"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert.vde.com/en/advisories/VDE-2022-039"}], "solutions": [{"lang": "en", "value": "Update to v2.12.1"}], "source": {"discovery": "EXTERNAL"}, "title": "Local file inclusion vulnerability in products of MB connect line and Helmholz", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_PUBLIC": "2022-09-07T10:00:00.000Z", "ID": "CVE-2020-35566", "STATE": "PUBLIC", "TITLE": "Local file inclusion vulnerability in products of MB connect line and Helmholz"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://mbconnectline.com/security-advice/", "refsource": "MISC", "url": "https://mbconnectline.com/security-advice/"}, {"name": "https://cert.vde.com/en/advisories/VDE-2021-003", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2021-003"}, {"name": "https://cert.vde.com/en/advisories/VDE-2022-039", "refsource": "CONFIRM", "url": "https://cert.vde.com/en/advisories/VDE-2022-039"}]}, "solution": [{"lang": "en", "value": "Update to v2.12.1"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:09:13.375Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mbconnectline.com/security-advice/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en/advisories/VDE-2021-003"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert.vde.com/en/advisories/VDE-2022-039"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35566", "datePublished": "2021-02-16T15:40:07.656065Z", "dateReserved": "2020-12-18T00:00:00", "dateUpdated": "2024-09-16T22:31:00.471Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D55D697-78A4-44E3-B6B6-E5349C610148", "versionEndIncluding": "2.11.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", "matchCriteriaId": "04561EEC-B011-46F8-8C56-E5546D0ECD6A", "versionEndIncluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EE3EED2-43AC-4129-B2C8-88DEBFEF8BA0", "versionEndIncluding": "2.11.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*", "matchCriteriaId": "847B9BE1-D7E5-4B6B-A59D-282BB58A8B64", "versionEndIncluding": "2.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion."}, {"lang": "es", "value": "Se detect\u00f3 un problema en la l\u00ednea de conexi\u00f3n MB mymbCONNECT24, mbCONNECT24 y Helmholz myREX24 y myREX24.virtual en todas las versiones hasta la v2.11.2. Un atacante puede leer archivos JSON arbitrarios a trav\u00e9s de la inclusi\u00f3n de archivos locales."}], "id": "CVE-2020-35566", "lastModified": "2023-02-16T04:00:47.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2021-02-16T16:15:13.567", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2021-003"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2022-039"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://mbconnectline.com/security-advice/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-706"}], "source": "nvd@nist.gov", "type": "Primary"}]}