Advisories | CERT@VDE

2024-07-03 11:00 VDE-2024-030

Red Lion Europe: mbNET.mini vulnerable to OS command injection

There exists a vulnerability in all mbNET.mini devices with firmware <= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests.

Update: 03.07.2024 3:30 pm

In section Reported by Sebastian Dietz (CyberDanube) was added.

more ...

CVE-2024-5672: 7.2

2023-10-16 10:38 VDE-2023-041

Red Lion Europe: Vulnerability allows access to non-critical information in mbCONNECT24 and mymbCONNECT24

more ...

CVE-2023-4834: 4.3

2023-08-17 14:00 VDE-2023-012

Red Lion Europe: Cross-site Scripting vulnerability in mbNET/mbNET.rokey

A stored XXS vulnerability has been found in mbNET and mbNET/.rokey in all versions before 7.3.2.

more ...

CVE-2023-34412: 4.8

Feeds

RSS / Atom

By Vendor

ADS-TEC Industrial IT (2)

Auma (4)

Beckhoff (9)

Bender (2)

CODESYS (11)

Endress+Hauser (10)

Festo (11)

Festo Didactic (6)

Frauscher (3)

Carlo Gavazzi Controls (1)

Helmholz (8)

HIMA (2)

ifm (3)

Innominate (2)

Lenze (2)

MB connect line (9)

Miele (4)

M&M Software (1)

Pepperl+Fuchs (28)

PHOENIX CONTACT (82)

Pilz (13)

Red Lion Europe (3)

SWARCO (1)

TECSON/GOK (1)

TRUMPF SE (2)

TRUMPF Laser (7)

TRUMPF Werkzeugmaschinen (8)

VARTA Storage (1)

VMT (1)

WAGO (57)

Weidmueller (10)

Welotec (2)

Wiesemann & Theis (3)

Legend

(Scoring for CVSS 2.0,3.0+3.1)

None

No CVE available

Low

0.1 <= 3.9

Medium

4.0 <= 6.9

High

7.0 <= 8.9

Critical

9.0 <= 10.0

Red Lion Europe: mbNET.mini vulnerable to OS command injection

Red Lion Europe: Vulnerability allows access to non-critical information in mbCONNECT24 and mymbCONNECT24

Red Lion Europe: Cross-site Scripting vulnerability in mbNET/mbNET.rokey

Feeds

By Vendor

Archive

2024

2023

2022

2021

2020

2019

2018

2017

Legend