PT-2021-11790 · Mb Connect Line · Mbconnect24
Published
2021-02-16
·
Updated
2023-02-16
·
CVE-2020-35558
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
MB connect line mymbCONNECT24 versions 2.6.2 through 2.11.2
mbCONNECT24 versions 2.6.2 through 2.11.2
Helmholz myREX24 versions 2.6.2 through 2.11.2
Helmholz myREX24.virtual versions 2.6.2 through 2.11.2
Description:
An issue was discovered in the MySQL access check, allowing an attacker to perform a Server-Side Request Forgery (SSRF) attack. This enables the attacker to scan for open ports and gain some information about possible credentials.
Recommendations:
For MB connect line mymbCONNECT24 versions 2.6.2 through 2.11.2, consider disabling the MySQL access check feature until a patch is available.
For mbCONNECT24 versions 2.6.2 through 2.11.2, restrict access to the MySQL access check to minimize the risk of exploitation.
For Helmholz myREX24 and myREX24.virtual versions 2.6.2 through 2.11.2, avoid using the MySQL access check feature in the affected API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
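As an added illustration of the recommendations above (this is example code, not the vendor's implementation), a hardened reachability check of the kind the advisory describes, assuming the feature takes a user-supplied host and port and only needs to report whether a MySQL server answers:

```python
import ipaddress
import socket
from typing import Callable, Iterable

# Added example (not the vendor's code): a hardened "MySQL access check"
# that takes a user-supplied host and port and reports reachability.
# SSRF mitigations: the destination is validated after DNS resolution
# (no loopback, RFC 1918, link-local or other non-global ranges, and no
# port but the MySQL port), and every connection failure maps to one
# opaque result so the feature cannot serve as a port-scan oracle.

MYSQL_PORT = 3306
Resolver = Callable[[str], Iterable[str]]
Connector = Callable[[str, int], None]

def default_resolver(host: str) -> list[str]:
    # Every address the name maps to is returned; all must pass validation.
    return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})

def default_connector(ip: str, port: int) -> None:
    socket.create_connection((ip, port), timeout=3).close()

def allowed_addresses(host: str, resolver: Resolver = default_resolver) -> list[str]:
    """Return host's addresses only if every one is global unicast
    (is_global is False for loopback, private, link-local, multicast and
    documentation ranges); [] on lookup failure or any internal address."""
    try:
        addrs = [ipaddress.ip_address(a) for a in resolver(host)]
    except (socket.gaierror, ValueError):
        return []
    if not addrs or not all(a.is_global for a in addrs):
        return []
    return [str(a) for a in addrs]

def check_mysql_access(host: str, port: int, connect: Connector = default_connector,
                       resolver: Resolver = default_resolver) -> str:
    """'rejected' for disallowed targets, otherwise 'ok' or 'unreachable'."""
    if port != MYSQL_PORT:
        return "rejected"
    addrs = allowed_addresses(host, resolver)
    if not addrs:
        return "rejected"
    try:
        # Connect to the validated IP, not the hostname, so a second DNS
        # lookup cannot rebind the name to an internal address.
        connect(addrs[0], port)
    except OSError:
        return "unreachable"  # refused, timed out, unroutable: all alike
    return "ok"
```

The resolver and connector are injectable so the validation logic can be exercised offline; in production the defaults perform the real lookup and TCP connect.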
SSRF
Affected Products
Mbconnect24
Myrex24
Myrex24.Virtual