Description
An unauthenticated remote attacker can exploit a SQL injection vulnerability in the _mb24confi_getTagAlarm function of the mb24alarm.php file, caused by improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
Published: 2026-05-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated remote attacker can exploit a SQL injection vulnerability in the _mb24confi_getTagAlarm function of mb24alarm.php, because special elements in user-supplied input are not neutralized before they are placed in a SELECT statement. The flaw lets the attacker alter the query logic and read data the query was never meant to return, which can lead to a full loss of database confidentiality (the CVSS vectors rate integrity and availability impact as none). Exploitation requires no authentication and is triggered by specially crafted requests.

Affected Systems

The vulnerability affects Helmholz myREX24V2 (both the virtual and non-virtual editions) and the OEM MB Connect Line products mbCONNECT24 and mymbCONNECT24. Version 2.20.0 of each product, as identified by the CPEs listed, is impacted unless updated to a release that addresses the injection flaw.

Risk and Exploitability

The CVSS v4.0 score of 8.7 indicates high severity, while the EPSS score below 1% suggests no publicly observed exploitation activity yet. The flaw is not listed in the CISA KEV catalog. The likely attack vector is an unauthenticated HTTP request to the mb24alarm.php endpoint, which can be sent from any network location that can reach the device. An adversary exploiting it could read sensitive configuration and alarm data, with potential consequences for operational security.

Generated by OpenCVE AI on May 27, 2026 at 09:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest firmware releases of Helmholz myREX24V2 and myREX24V2.virtual, and of MB Connect Line mbCONNECT24 and mymbCONNECT24, that include the fix for the vulnerable _mb24confi_getTagAlarm function.
  • Validate and sanitize all user input reaching the mb24alarm.php component; pass user-controlled values to the database through parameterized (prepared) statements rather than string concatenation, with escaping of special characters only as a secondary defense.
  • Restrict network access to the mb24alarm.php endpoint with firewall or segmentation rules that allow traffic only from trusted IP addresses or authenticated sessions, and monitor requests to that endpoint for SQL metacharacters until the fix is applied.


Advisories

No advisories yet.

History

Wed, 27 May 2026 13:30:00 +0000

Type: Metrics
  Values Removed: (empty)
  Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 27 May 2026 08:00:00 +0000

Type: Description
  Values Removed: (empty)
  Values Added: An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files _mb24confi_getTagAlarm function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Type: Title
  Values Added: Unauthenticated SQLi in _mb24confi_getTagAlarm function

Type: First Time appeared
  Values Added:
    • Helmholz
    • Helmholz myrex24v2
    • Helmholz myrex24v2.virtual
    • Helmholz myrex24v2virtual
    • Mb Connect Line
    • Mb Connect Line mbconnect24
    • Mb Connect Line mymbconnect24

Type: Weaknesses
  Values Added: CWE-89

Type: CPEs
  Values Added:
    • cpe:2.3:a:helmholz:myrex24v2.virtual:*:*:*:*:*:*:*:*
    • cpe:2.3:a:helmholz:myrex24v2:*:*:*:*:*:*:*:*
    • cpe:2.3:a:mb_connect_line:mbconnect24:*:*:*:*:*:*:*:*
    • cpe:2.3:a:mb_connect_line:mymbconnect24:*:*:*:*:*:*:*:*
    • cpe:2.3:o:helmholz:myrex24v2:2.20.0:*:*:*:*:*:*:*
    • cpe:2.3:o:helmholz:myrex24v2virtual:2.20.0:*:*:*:*:*:*:*
    • cpe:2.3:o:mb_connect_line:mbconnect24:2.20.0:*:*:*:*:*:*:*
    • cpe:2.3:o:mb_connect_line:mymbconnect24:2.20.0:*:*:*:*:*:*:*

Type: Vendors & Products
  Values Added:
    • Helmholz
    • Helmholz myrex24v2
    • Helmholz myrex24v2.virtual
    • Helmholz myrex24v2virtual
    • Mb Connect Line
    • Mb Connect Line mbconnect24
    • Mb Connect Line mymbconnect24

Type: References
  Values Added: (empty)

Type: Metrics
  Values Added:
    • cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
    • cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2026-05-27T12:02:27.818Z

Reserved: 2026-04-15T09:33:02.611Z

Link: CVE-2026-40816

Vulnrichment

Updated: 2026-05-27T12:02:23.128Z

NVD

Status: Received

Published: 2026-05-27T08:16:42.060

Modified: 2026-05-27T08:16:42.060

Link: CVE-2026-40816

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T11:45:15Z

Weaknesses