Lucene search

[email protected]CVE-2023-34412

HistoryAug 17, 2023 - 2:15 p.m.

CVE-2023-34412

2023-08-1714:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-34412

red lion europe

mbnet

mbnet.rokey

helmholz rex 200

helmholz rex 250

firmware vulnerability

javascript payload

remote attacker

system performance

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an
authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

Affected configurations

NVD

Node

helmholzrex_250_firmwareRange<7.3.2

AND

helmholzrex_250Match-

Node

helmholzrex_200_firmwareRange<7.3.2

AND

helmholzrex_200Match-

Node

redlionmbnet.rokey_rkh_210_firmwareRange<7.3.2

AND

redlionmbnet.rokey_rkh_210Match-

Node

redlionmbnet.rokey_rkh_216_firmwareRange<7.3.2

AND

redlionmbnet.rokey_rkh_216Match-

Node

redlionmbnet.rokey_rkh_235_firmwareRange<7.3.2

AND

redlionmbnet.rokey_rkh_235Match-

Node

redlionmbnet.rokey_rkh_259_firmwareRange<7.3.2

AND

redlionmbnet.rokey_rkh_259Match-

Node

redlionmbnet_mdh_811_firmwareRange<7.3.2

AND

redlionmbnet_mdh_811Match-

Node

redlionmbnet_mdh_850_firmwareRange<7.3.2

AND

redlionmbnet_mdh_850Match-

Node

redlionmbnet_mdh_871_firmwareRange<7.3.2

AND

redlionmbnet_mdh_871Match-

Node

redlionmbnet_mdh_831_firmwareRange<7.3.2

AND

redlionmbnet_mdh_831Match-

Node

redlionmbnet_mdh_855_firmwareRange<7.3.2

AND

redlionmbnet_mdh_855Match-

Node

redlionmbnet_mdh_876_firmwareRange<7.3.2

AND

redlionmbnet_mdh_876Match-

Node

redlionmbnet_mdh_858_firmwareRange<7.3.2

AND

redlionmbnet_mdh_858Match-

Node

redlionmbnet_mdh_816_firmwareRange<7.3.2

AND

redlionmbnet_mdh_816Match-

Node

redlionmbnet_mdh_841_firmwareRange<7.3.2

AND

redlionmbnet_mdh_841Match-

Node

redlionmbnet_mdh_859_firmwareRange<7.3.2

AND

redlionmbnet_mdh_859Match-

Node

redlionmbnet_mdh_835_firmwareRange<7.3.2

AND

redlionmbnet_mdh_835Match-

CPENameOperatorVersion
helmholz:rex_250_firmwarehelmholz rex 250 firmwarelt7.3.2

CPE	Name	Operator	Version
helmholz:rex_250_firmware	helmholz rex 250 firmware	lt	7.3.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "mbNET",
    "vendor": "Red Lion Europe",
    "versions": [
      {
        "lessThan": "7.3.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "mbNET.rokey",
    "vendor": "Red Lion Europe",
    "versions": [
      {
        "lessThan": "7.3.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "REX 200",
    "vendor": "Helmholz",
    "versions": [
      {
        "lessThan": "7.3.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "REX 250",
    "vendor": "Helmholz",
    "versions": [
      {
        "lessThan": "7.3.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

cert.vde.com/en/advisories/VDE-2023-012/

cert.vde.com/en/advisories/VDE-2023-029/

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for CVE-2023-34412

nvd1 prion1 cvelist1