VDE-2024-030

Vulnerability from csaf_mbconnectlinegmbh - Published: 2024-07-03 09:00 - Updated: 2024-07-03 09:00
Summary
MB connect line: mbNET.mini vulnerable to OS command injection
Notes
Summary: There exists a vulnerability in all mbNET.mini devices with firmware <= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests. Update: 03.07.2024 3:30 pm  In section Reported by Sebastian Dietz (CyberDanube) was added.
Impact: See CVE description.
Mitigation: As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Remediation: Update to latest version: 2.2.13
CVE-2024-5672

A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.

7.2 (High)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Mitigation As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Vendor Fix Update to latest version: 2.2.13
References
Acknowledgments
CERT@VDE certvde.com
Honeywell M. Ankith
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "M. Ankith"
        ],
        "organization": "Honeywell",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "There exists a vulnerability in all mbNET.mini devices with firmware \u003c= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests.\nUpdate: 03.07.2024 3:30 pm\u00a0\nIn section\u00a0Reported by Sebastian Dietz (CyberDanube) was added.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "See CVE description.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Update to latest version: 2.2.13",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "security-team@mbconnectline.de",
      "name": "MB connect line GmbH",
      "namespace": "https://mbconnectline.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for MB connect line GmbH",
        "url": "https://certvde.com/en/advisories/vendor/mbconnectline/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-030: MB connect line: mbNET.mini vulnerable to OS command injection - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-030/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-030: MB connect line: mbNET.mini vulnerable to OS command injection - CSAF",
        "url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-030.json"
      }
    ],
    "title": "MB connect line: mbNET.mini vulnerable to OS command injection",
    "tracking": {
      "aliases": [
        "VDE-2024-030"
      ],
      "current_release_date": "2024-07-03T09:00:00.000Z",
      "generator": {
        "date": "2025-06-05T07:54:43.151Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.27"
        }
      },
      "id": "VDE-2024-030",
      "initial_release_date": "2024-07-03T09:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-07-03T09:00:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=2.2.11",
                    "product": {
                      "name": "mbNET.mini \u003c=2.2.11",
                      "product_id": "CSAFPID-51001"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.2.13",
                    "product": {
                      "name": "mbNET.mini 2.2.13",
                      "product_id": "CSAFPID-52001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "mbNET.mini"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "MB connect line"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "\u003c=2.2.11",
                    "product": {
                      "name": "mbNET.mini \u003c=2.2.11",
                      "product_id": "CSAFPID-51002"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "2.2.13",
                    "product": {
                      "name": "mbNET.mini 2.2.13",
                      "product_id": "CSAFPID-52002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "mbNET.mini"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Red Lion Europe"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ],
        "summary": "Affected products "
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-52001",
          "CSAFPID-52002"
        ],
        "summary": "Fixed products"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-5672",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A high privileged remote attacker can\u00a0execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-52001",
          "CSAFPID-52002"
        ],
        "known_affected": [
          "CSAFPID-51001",
          "CSAFPID-51002"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to latest version: 2.2.13",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-51001",
            "CSAFPID-51002"
          ]
        }
      ],
      "title": "CVE-2024-5672"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.