VYPR
Unrated severity · NVD Advisory · Published Feb 16, 2021 · Updated Sep 16, 2024

Improper Access Validation in products of MB connect line and Helmholz

CVE-2020-35557

Description

An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged-in user to see devices in the account he should not have access to, due to improper use of access validation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logged-in user can view unauthorized devices in MB connect line and Helmholz remote access portals due to improper access validation.

Vulnerability

An access validation flaw exists in MB connect line mymbCONNECT24, mbCONNECT24, and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 [2][3]. The improper use of access validation allows a logged-in user to see devices in the account that they should not have access to.

Exploitation

An attacker needs only a valid user account on the affected portal. No special privileges or network position beyond normal authenticated access are required. The attacker can browse or query device lists that are not scoped to their authorization level, revealing devices belonging to other users or organizations.

Impact

Successful exploitation results in unauthorized disclosure of device identifiers and associated metadata. This information disclosure violates the intended multi-tenancy isolation of the remote access platform, potentially exposing sensitive operational technology (OT) inventory details to unauthorized parties.

Mitigation

The vulnerability is fixed in version 2.12.1 [2][3]. Users should update to this version or later. No workaround is provided in the available references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

3
