CVE-2020-12527

Description

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions.

Affected Software
References

Software	From	Fixed in
mbconnectline / mymbconnect24	-	2.11.2.x
mbconnectline / mbconnect24	-	2.11.2.x
helmholz / myrex24.virtual	-	2.11.2.x
helmholz / myrex24	-	2.11.2.x

https://cert.vde.com/en/advisories/VDE-2021-003
https://cert.vde.com/en/advisories/VDE-2022-039

Severity: Medium

CVE: CVE-2020-12527
Published: Mar 2, 2021
Updated: Apr 13, 2023
Exploit:

Severity: Medium
Score: 6.8
AV:N/AC:L/Au:S/C:N/I:N/A:C

CWE-269

CVE-2020-12527

Description

Details

CVSS v2

CWEs