CNNVD-202506-3064 Information
CNNVD ID
CNNVD-202506-3064
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
MB Connect Line mbCONNECT24等都是德国MB Connect Line公司的产品。MB Connect Line mbCONNECT24是一套远程服务门户网站。MB Connect Line mymbCONNECT24是一款适用于虚拟环境的内部远程维护解决方案。Helmholz myREX24等都是Helmholz公司的产品。Helmholz myREX24是一个集成系统,用于访问机器或系统的组件,以进行远程维护和远程诊断。 Helmholz myREX24、MB Connect Line mymbCONNECT24和MB Connect Line mbCONNECT24存在安全漏洞,该漏洞源于双因素认证存在缺陷,可能导致低权限用户冒充其他用户。
Description (English)
MB Connect Line mbConnECT24 and others are products of the German company MB Connect Line. MB Connect Line mbCONNET24 is a remote service portal. MB Connect Line mymbCONNECT24 is an internal remote maintenance solution applicable to the virtual environment. Helmholz my Rex24 and others are Helmholz products. Helmholz myREX24 is an integrated system for access to machine or system components for remote maintenance and long-range diagnosis. There is a security loophole in Helmholz myREX24, MB Connect Line mymbCONNT24 and MB Connect Line mbCONNCT24, which stems from a dual-factor authentication defect that may result in low-licensed users impersonating other users.
Hazard Level
Medium
Vulnerability Type
其他
Published
2025-06-24
Last Modified
2026-02-24
References
https://certvde.com/en/advisories/VDE-2025-035 https://certvde.com/en/advisories/VDE-2025-038 https://access.redhat.com/security/cve/cve-2025-3091
Patch
https://www.helmholz.de/en/products/industrial-remote-solutions/myrex24-portal/
Share on: