Description
A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Helmholz / REX 200/2500.0.0 – 7.3.0
- Helmholz / REX 3000.0.0 – 5.1.11
- MB connect line / mbNET HW10.0.0 – 5.1.11
- MB connect line / mbNET/mbNET.rokey0.0.0 – 7.3.0
References
- VENDOR_ADVISORYhttps://certvde.com/de/advisories/VDE-2025-065
- VENDOR_ADVISORYhttps://certvde.com/de/advisories/VDE-2025-069