Unrated severity · NVD Advisory · Published Feb 16, 2021 · Updated Sep 17, 2024

Sensitive Information Exposure in products of MB connect line and Helmholz

CVE-2020-35568

Description

An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An incomplete filter on database responses in MB connect line and Helmholz remote access products allows authenticated attackers to access non-public information about other users and devices.

Vulnerability

The vulnerability exists in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account. [2][3]

Exploitation

An attacker must be authenticated to the system. By crafting a request that triggers a database response with insufficient filtering, the attacker can retrieve data that should be restricted to other users or devices within the same account. No additional privileges or user interaction are required beyond authentication.

Impact

Successful exploitation results in unauthorized disclosure of non-public information about other users and devices, potentially including sensitive configuration details or personal data. The confidentiality of the system is compromised, but integrity and availability are not directly affected.

Mitigation

The issue is fixed in version 2.12.1. Users should update to this version or later. For MB connect line products, see advisory VDE-2021-003 [2]; for Helmholz products, see VDE-2022-039 [3]. No workarounds are mentioned in the references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
