VDE-2021-037
Vulnerability from csaf_mbconnectlinegmbh - Published: 2021-10-27 10:15 - Updated: 2025-05-14 12:28
Summary
MB connect line: Remote user enumeration in mbCONNECT24/mymbCONNECT24
Notes
Summary: An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.9.0.
Impact: Please consult the CVE entry for CVE-2021-34580 (described below).
Remediation: Update mbCONNECT24/mymbCONNECT24 to 2.10.1
An unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.
CVSS v3.1 base score: 7.5 (High), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vendor Fix
Update mbCONNECT24/mymbCONNECT24 to 2.10.1
References
Acknowledgments
CERT@VDE
certvde.com
LEWA Attendorn GmbH
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "LEWA Attendorn GmbH",
"summary": "reporting."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "An issue was discovered in the mymbCONNECT24 and mbCONNECT24 software in all versions through V2.9.0.",
"title": "Summary"
},
{
"category": "description",
"text": "Please consult the CVE Entry above.",
"title": "Impact"
},
{
"category": "description",
"text": "Update mbCONNECT24/mymbCONNECT24 to 2.10.1",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "security-team@mbconnectline.de",
"name": "MB connect line GmbH",
"namespace": "https://mbconnectline.com"
},
"references": [
{
"category": "external",
"summary": "MB connect line advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/mbconnectline/"
},
{
"category": "self",
"summary": "VDE-2021-037: MB connect line: Remote user enumeration in mbCONNECT24/mymbCONNECT24 - HTML",
"url": "https://certvde.com/en/advisories/VDE-2021-037"
},
{
"category": "self",
"summary": "VDE-2021-037: MB connect line: Remote user enumeration in mbCONNECT24/mymbCONNECT24 - CSAF",
"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2021/vde-2021-037.json"
}
],
"title": "MB connect line: Remote user enumeration in mbCONNECT24/mymbCONNECT24",
"tracking": {
"aliases": [
"VDE-2021-037"
],
"current_release_date": "2025-05-14T12:28:19.000Z",
"generator": {
"date": "2025-03-21T11:49:51.085Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.21"
}
},
"id": "VDE-2021-037",
"initial_release_date": "2021-10-27T10:15:00.000Z",
"revision_history": [
{
"date": "2021-10-27T10:15:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-05-14T12:28:19.000Z",
"number": "2",
"summary": "Fix: firmware category"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.9.0",
"product": {
"name": "mbCONNECT24 \u003c=2.9.0",
"product_id": "CSAFPID-51001"
}
},
{
"category": "product_version",
"name": "2.10.1",
"product": {
"name": "mbCONNECT24 2.10.1",
"product_id": "CSAFPID-52001"
}
}
],
"category": "product_name",
"name": "mbCONNECT24"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.9.0",
"product": {
"name": "mymbCONNECT24 \u003c=2.9.0",
"product_id": "CSAFPID-51002"
}
},
{
"category": "product_version",
"name": "2.10.1",
"product": {
"name": "mymbCONNECT24 2.10.1",
"product_id": "CSAFPID-52002"
}
}
],
"category": "product_name",
"name": "mymbCONNECT24"
}
],
"category": "product_family",
"name": "Software"
}
],
"category": "vendor",
"name": "MB connect line"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-51001",
"CSAFPID-51002"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-52001",
"CSAFPID-52002"
],
"summary": "Fixed Products."
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-34580",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "description",
"text": "An unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-52001",
"CSAFPID-52002"
],
"known_affected": [
"CSAFPID-51001",
"CSAFPID-51002"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update mbCONNECT24/mymbCONNECT24 to 2.10.1",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-51001",
"CSAFPID-51002"
]
}
],
"title": "CVE-2021-34580"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.