CVE-2022-22520

A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.

CVSS v3.0 5.3 MEDIUM

5.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert.vde.com/en/advisories/VDE-2022-039	Not Applicable
https://cert.vde.com/en/advisories/VDE-2022-011	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mbconnectline:mbconnect24::::::::
	cpe:2.3:a:mbconnectline:mymbconnect24::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:helmholz:myrex24.virtual::::::::
	cpe:2.3:a:helmholz:myrex24::::::::

Information

Published : 2022-09-14 07:15

Updated : 2022-09-30 19:33

NVD link : CVE-2022-22520

Mitre link : CVE-2022-22520

JSON object : View

CWE

CWE-204

Observable Response Discrepancy

Products Affected

mbconnectline

mymbconnect24
mbconnect24

helmholz

myrex24
myrex24.virtual

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://cert.vde.com/en/advisories/VDE-2022-039", "name": "https://cert.vde.com/en/advisories/VDE-2022-039", "tags": ["Not Applicable"], "refsource": "CONFIRM"}, {"url": "https://cert.vde.com/en/advisories/VDE-2022-011", "name": "https://cert.vde.com/en/advisories/VDE-2022-011", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-204"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-22520", "ASSIGNER": "info@cert.vde.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}}, "publishedDate": "2022-09-14T14:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.11.2"}, {"cpe23Uri": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.11.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.11.2"}, {"cpe23Uri": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.11.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-10-01T02:33Z"}

5.3 /10