{ "id": "CVE-2023-34412", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-17T14:15:09.700", "lastModified": "2024-02-29T01:39:49.957", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware versions lower than 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)." } ], "metrics": { "cvssMetricV31": [ { "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.7, "impactScore": 2.7 }, { "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.3, "impactScore": 2.7 } ] }, "weaknesses": [ { "source": "info@cert.vde.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "18903E70-B902-4182-B41D-666EB8C3B61C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "53454815-3E7A-4097-8FC7-2F7634DAF7E1" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "66925474-A4F6-4D7C-8163-290761406352" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_210_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "498A9C6F-FCEE-44F9-AC64-8C070E9E31A4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DBA39B6-4D76-44ED-847F-10B2BA96EB0F" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_216_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "C2FEA63F-166C-4D08-8F49-8F1962CB97E2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_216:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F530332-3BFB-43D3-AD5F-0B4410543BEA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_235_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "35085939-39A2-482B-802F-77313F1CA63D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_235:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"873AEDC5-A8B6-4B76-8A43-A3C6241ABE09" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_259_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "7EF81568-103C-408A-A575-33588BF5903B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_259:-:*:*:*:*:*:*:*", "matchCriteriaId": "031FFFE6-9C5F-47D9-8264-CC7C2D256941" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_811_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "EBE73666-D739-4C07-B7B4-31BBC0608C74" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_811:-:*:*:*:*:*:*:*", "matchCriteriaId": "30C680F1-60C6-43BF-BE62-D9D49A609734" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_850_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "12FBFD60-81BC-4B25-8AC5-E041E57A870E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_850:-:*:*:*:*:*:*:*", "matchCriteriaId": "C293C0F8-EF07-4F19-A7B6-CE5EC170E042" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_871_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "68D51AD3-E614-45C3-8163-9547DCD41FEB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_871:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4347DC3-2035-4328-91CE-3ABA912A3B7D" } ] } ] }, { "operator": 
"AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_831_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "C06DD90C-4E6D-4836-99CA-16A0F0AAE6E1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_831:-:*:*:*:*:*:*:*", "matchCriteriaId": "A275C2A8-D5B6-4B32-9080-5E41B51B4487" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_855_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "D1997B14-061F-47D6-8FF0-266D316211CB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_855:-:*:*:*:*:*:*:*", "matchCriteriaId": "055F9937-565E-4103-9E2A-0BB274B1D770" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_876_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "A72C9074-B9A0-4DF9-9262-0937C6B2B3FF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_876:-:*:*:*:*:*:*:*", "matchCriteriaId": "E152B4F0-44A1-45FD-A541-0E039479DC00" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_858_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "745A8264-D4A7-4431-83E0-63FA59A8E575" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_858:-:*:*:*:*:*:*:*", "matchCriteriaId": "0002E5EA-F173-4861-95D9-6996A51F08A0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { 
"vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_816_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "CD074843-119D-4738-8F52-D43B825AA472" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_816:-:*:*:*:*:*:*:*", "matchCriteriaId": "B61FB21C-AD6B-4BF8-A303-8C0122276B7A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_841_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "EAEF7742-A151-4139-A664-DE482CC1B830" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_841:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1C27B28-A5ED-4C25-B0B9-14D1E89A414B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_859_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "3AC171EC-9196-4DFA-A07F-C4DC8D1037DD" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_859:-:*:*:*:*:*:*:*", "matchCriteriaId": "35427F3B-13D9-42E4-8547-0DC3A2B03662" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:redlion:mbnet_mdh_835_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.3.2", "matchCriteriaId": "967284B7-89DE-41E7-AD1F-61F0F3530944" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:redlion:mbnet_mdh_835:-:*:*:*:*:*:*:*", "matchCriteriaId": "53DA2CB3-9C62-4CE1-8DB8-2E7378D162E4" } ] } ] } ], "references": [ { "url": "https://cert.vde.com/en/advisories/VDE-2023-012/", "source": "info@cert.vde.com", "tags": [ "Third Party Advisory" ] }, { "url": 
"https://cert.vde.com/en/advisories/VDE-2023-029/", "source": "info@cert.vde.com", "tags": [ "Third Party Advisory" ] } ] }