PT-2023-24863 · Helmholz+1 · Rex 200+2

Published: 2023-08-17 · Updated: 2023-08-23 · CVE-2023-34412

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2

Description: A vulnerability in the affected devices allows an authenticated remote attacker to inject malicious HTML or JavaScript code and store an arbitrary JavaScript payload on the diagnosis page of the device. Because this page is loaded immediately after login, the payload runs in the browser of any user who signs in, allowing the attacker to read and write browser data and reduce system performance.

Recommendations: For Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2, update the firmware to version 7.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the diagnosis page of the device until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-34412

Affected Products:
Rex 200
Rex 250
Mbnet/Mbnet.Rokey