CVE-2023-4834 - OpenCVE

In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Helmholz	Myrex24 Myrex24.virtual
Mbconnectline	Mbconnect24 Mymbconnect24

Configuration 1 [-]

cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.vde.com/en/advisories/VDE-2023-041
https://cert.vde.com/en/advisories/VDE-2023-043

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published: 2023-10-16T08:40:13.064Z

Updated: 2024-09-16T18:17:07.881Z

Reserved: 2023-09-08T07:54:38.764Z

Link: CVE-2023-4834

Vulnrichment

Updated: 2024-08-02T07:38:00.778Z

NVD

Status : Analyzed

Published: 2023-10-16T09:15:11.830

Modified: 2023-10-24T14:52:35.443

Link: CVE-2023-4834

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4834", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-09-08T07:54:38.764Z", "datePublished": "2023-10-16T08:40:13.064Z", "dateUpdated": "2024-09-16T18:17:07.881Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "mbCONNECT24", "vendor": "Red Lion Europe", "versions": [{"lessThanOrEqual": "2.14.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "mymbCONNECT24", "vendor": "Red Lion Europe", "versions": [{"lessThanOrEqual": "2.14.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "myREX24", "vendor": "Helmholz", "versions": [{"lessThanOrEqual": "2.14.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "myREX24.virtual", "vendor": "Helmholz", "versions": [{"lessThanOrEqual": "2.14.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2023-10-16T08:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><div><div><p>In <span style=\"background-color: rgb(249, 250, 251);\">Red Lion Europe </span><span style=\"background-color: rgb(249, 250, 251);\">mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an </span>improperly implemented access validation <span style=\"background-color: rgb(255, 255, 255);\">allows an authenticated, </span><span style=\"background-color: rgb(255, 255, 255);\">low privileged</span><span style=\"background-color: rgb(255, 255, 255);\"> attacker to gain read access to limited, non-critical device information in his account he should not have access to.</span>\n</p>\n\t\t\t\t\t</div>\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t</div>\n\t\n"}], "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-10-16T08:59:23.795Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043"}], "source": {"defect": ["CERT@VDE#64587"], "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.778Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041", "tags": ["x_transferred"]}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T18:16:53.810599Z", "id": "CVE-2023-4834", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T18:17:07.881Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041", "tags": ["x_transferred"]}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.778Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4834", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T18:16:53.810599Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T18:17:00.850Z"}}], "cna": {"source": {"defect": ["CERT@VDE#64587"], "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Red Lion Europe", "product": "mbCONNECT24", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.14.2"}], "defaultStatus": "unaffected"}, {"vendor": "Red Lion Europe", "product": "mymbCONNECT24", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.14.2"}], "defaultStatus": "unaffected"}, {"vendor": "Helmholz", "product": "myREX24", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.14.2"}], "defaultStatus": "unaffected"}, {"vendor": "Helmholz", "product": "myREX24.virtual", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.14.2"}], "defaultStatus": "unaffected"}], "datePublic": "2023-10-16T08:40:00.000Z", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n", "supportingMedia": [{"type": "text/html", "value": "<div><div><div><div><p>In <span style=\"background-color: rgb(249, 250, 251);\">Red Lion Europe </span><span style=\"background-color: rgb(249, 250, 251);\">mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an </span>improperly implemented access validation <span style=\"background-color: rgb(255, 255, 255);\">allows an authenticated, </span><span style=\"background-color: rgb(255, 255, 255);\">low privileged</span><span style=\"background-color: rgb(255, 255, 255);\"> attacker to gain read access to limited, non-critical device information in his account he should not have access to.</span>\n</p>\n\t\t\t\t\t</div>\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t</div>\n\t\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-10-16T08:59:23.795Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4834", "state": "PUBLISHED", "dateUpdated": "2024-09-16T18:17:07.881Z", "dateReserved": "2023-09-08T07:54:38.764Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2023-10-16T08:40:13.064Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B75F1E4-3DFA-4163-A9C7-8CF5C9A78562", "versionEndIncluding": "2.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*", "matchCriteriaId": "885E9E11-89FE-468F-8160-EC3B21E6CA77", "versionEndIncluding": "2.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "matchCriteriaId": "2029F9FB-397A-490D-A86F-B2B39C516A79", "versionEndIncluding": "2.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F77AC2B-5B57-4CFF-A4F1-AA8E6B1B8C3B", "versionEndIncluding": "2.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"}, {"lang": "es", "value": "En Red Lion Europe mbCONNECT24 y mymbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versi\u00f3n 2.14.2 incluida, una validaci\u00f3n de acceso implementada incorrectamente permite a un atacante autenticado y con pocos privilegios obtener acceso de lectura a informaci\u00f3n limitada y no cr\u00edtica del dispositivo a la que no deber\u00eda tener acceso en su cuenta."}], "id": "CVE-2023-4834", "lastModified": "2023-10-24T14:52:35.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2023-10-16T09:15:11.830", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-041"}, {"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-043"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "info@cert.vde.com", "type": "Primary"}]}