{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4834", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-09-08T07:54:38.764Z", "datePublished": "2023-10-16T08:40:13.064Z", "dateUpdated": "2024-09-16T18:17:07.881Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "mbCONNECT24", "vendor": "Red Lion Europe", "versions": [{"lessThanOrEqual": "2.14.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "mymbCONNECT24", "vendor": "Red Lion Europe", "versions": [{"lessThanOrEqual": "2.14.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "myREX24", "vendor": "Helmholz", "versions": [{"lessThanOrEqual": "2.14.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "myREX24.virtual", "vendor": "Helmholz", "versions": [{"lessThanOrEqual": "2.14.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "datePublic": "2023-10-16T08:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div><div><div><p>In <span style=\"background-color: rgb(249, 250, 251);\">Red Lion Europe&nbsp;</span><span style=\"background-color: rgb(249, 250, 251);\">mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an&nbsp;</span>improperly implemented access validation <span style=\"background-color: rgb(255, 255, 255);\">allows an authenticated, </span><span style=\"background-color: rgb(255, 255, 255);\">low privileged</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;attacker to gain read access to limited, non-critical device information in his account he should not have access to.</span>\n</p>\n\t\t\t\t\t</div>\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t</div>\n\t\n"}], "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-10-16T08:59:23.795Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043"}], "source": {"defect": ["CERT@VDE#64587"], "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.778Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041", "tags": ["x_transferred"]}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T18:16:53.810599Z", "id": "CVE-2023-4834", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T18:17:07.881Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041", "tags": ["x_transferred"]}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.778Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4834", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T18:16:53.810599Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T18:17:00.850Z"}}], "cna": {"source": {"defect": ["CERT@VDE#64587"], "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Red Lion Europe", "product": "mbCONNECT24", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.14.2"}], "defaultStatus": "unaffected"}, {"vendor": "Red Lion Europe", "product": "mymbCONNECT24", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.14.2"}], "defaultStatus": "unaffected"}, {"vendor": "Helmholz", "product": "myREX24", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.14.2"}], "defaultStatus": "unaffected"}, {"vendor": "Helmholz", "product": "myREX24.virtual", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.14.2"}], "defaultStatus": "unaffected"}], "datePublic": "2023-10-16T08:40:00.000Z", "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-041"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-043"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n", "supportingMedia": [{"type": "text/html", "value": "<div><div><div><div><p>In <span style=\"background-color: rgb(249, 250, 251);\">Red Lion Europe&nbsp;</span><span style=\"background-color: rgb(249, 250, 251);\">mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an&nbsp;</span>improperly implemented access validation <span style=\"background-color: rgb(255, 255, 255);\">allows an authenticated, </span><span style=\"background-color: rgb(255, 255, 255);\">low privileged</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;attacker to gain read access to limited, non-critical device information in his account he should not have access to.</span>\n</p>\n\t\t\t\t\t</div>\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t</div>\n\t\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-10-16T08:59:23.795Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4834", "state": "PUBLISHED", "dateUpdated": "2024-09-16T18:17:07.881Z", "dateReserved": "2023-09-08T07:54:38.764Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2023-10-16T08:40:13.064Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B75F1E4-3DFA-4163-A9C7-8CF5C9A78562", "versionEndIncluding": "2.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*", "matchCriteriaId": "885E9E11-89FE-468F-8160-EC3B21E6CA77", "versionEndIncluding": "2.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "matchCriteriaId": "2029F9FB-397A-490D-A86F-B2B39C516A79", "versionEndIncluding": "2.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F77AC2B-5B57-4CFF-A4F1-AA8E6B1B8C3B", "versionEndIncluding": "2.14.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"}, {"lang": "es", "value": "En Red Lion Europe mbCONNECT24 y mymbCONNECT24 y Helmholz myREX24 y myREX24.virtual hasta la versi\u00f3n 2.14.2 incluida, una validaci\u00f3n de acceso implementada incorrectamente permite a un atacante autenticado y con pocos privilegios obtener acceso de lectura a informaci\u00f3n limitada y no cr\u00edtica del dispositivo a la que no deber\u00eda tener acceso en su cuenta."}], "id": "CVE-2023-4834", "lastModified": "2024-11-21T08:36:04.223", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "info@cert.vde.com", "type": "Secondary"}]}, "published": "2023-10-16T09:15:11.830", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-041"}, {"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-043"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-043"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "info@cert.vde.com", "type": "Secondary"}]}

{}