Description
A low-privileged remote attacker in possession of the second factor for another user can log in as that user without knowledge of the other user's password.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- Helmholz / myREX24 0 – 2.18.0
- Helmholz / myREX24 0 – 2.16.5
- Helmholz / myREX24.virtual 0 – 2.16.5
- Helmholz / myREX24.virtual 0 – 2.18.0
- MB connect line / mbCONNECT24 0 – 2.16.5
- MB connect line / mymbCONNECT24 0 – 2.16.5
- MB connect line / mymbCONNECT24 0 – 2.18.0
References
- VENDOR_ADVISORY: https://certvde.com/en/advisories/VDE-2025-035
- VENDOR_ADVISORY: https://certvde.com/en/advisories/VDE-2025-038