CVE-2023-4834

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-043", "name": "https://cert.vde.com/en/advisories/VDE-2023-043", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-041", "name": "https://cert.vde.com/en/advisories/VDE-2023-041", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In Red Lion Europe\u00a0mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an\u00a0improperly implemented access validation allows an authenticated, low privileged\u00a0attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-269"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-4834", "ASSIGNER": "info@cert.vde.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2023-10-16T09:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:helmholz:myrex24:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.14.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:helmholz:myrex24.virtual:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.14.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.14.2"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.14.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-10-24T14:52Z"}