Vulnerability Details CVE-2020-35557
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.2%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2020-35557
-
cpe:2.3:a:helmholz:myrex24.virtual:2.11.2
-
cpe:2.3:a:helmholz:myrex24:2.11.2
-
cpe:2.3:a:mbconnectline:mbconnect24:-
-
cpe:2.3:a:mbconnectline:mbconnect24:2.11.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.5.0
-
cpe:2.3:a:mbconnectline:mbconnect24:2.6.1
-
cpe:2.3:a:mbconnectline:mbconnect24:2.6.2
-
cpe:2.3:a:mbconnectline:mbconnect24:2.8.0
-
cpe:2.3:a:mbconnectline:mymbconnect24:-
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.11.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.5.0
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.6.1
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.6.2
-
cpe:2.3:a:mbconnectline:mymbconnect24:2.8.0