{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-34412", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2023-06-05T12:05:57.451Z", "datePublished": "2023-08-17T13:07:01.697Z", "dateUpdated": "2023-11-16T11:02:33.346Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "mbNET", "vendor": "Red Lion Europe", "versions": [{"lessThan": "7.3.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "mbNET.rokey", "vendor": "Red Lion Europe", "versions": [{"lessThan": "7.3.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "REX 200", "vendor": "Helmholz", "versions": [{"lessThan": "7.3.2", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "REX 250", "vendor": "Helmholz", "versions": [{"lessThan": "7.3.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."}], "value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2023-11-16T11:02:33.346Z"}, "references": [{"url": "https://cert.vde.com/en/advisories/VDE-2023-012/"}, {"url": "https://cert.vde.com/en/advisories/VDE-2023-029/"}], "source": {"defect": ["CERT@VDE#64536"], "discovery": "UNKNOWN"}, "title": "Stored XXS vulnerability in mbnet, mbnet.rokey, REX 200 and REX 250", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:helmholz:rex_250_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "18903E70-B902-4182-B41D-666EB8C3B61C", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:helmholz:rex_250:-:*:*:*:*:*:*:*", "matchCriteriaId": "53454815-3E7A-4097-8FC7-2F7634DAF7E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:helmholz:rex_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "66925474-A4F6-4D7C-8163-290761406352", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:helmholz:rex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "28B3785D-8EFF-4A67-88F1-8F9D0EC39D6C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "498A9C6F-FCEE-44F9-AC64-8C070E9E31A4", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DBA39B6-4D76-44ED-847F-10B2BA96EB0F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_216_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2FEA63F-166C-4D08-8F49-8F1962CB97E2", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_216:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F530332-3BFB-43D3-AD5F-0B4410543BEA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_235_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "35085939-39A2-482B-802F-77313F1CA63D", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_235:-:*:*:*:*:*:*:*", "matchCriteriaId": "873AEDC5-A8B6-4B76-8A43-A3C6241ABE09", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet.rokey_rkh_259_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EF81568-103C-408A-A575-33588BF5903B", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet.rokey_rkh_259:-:*:*:*:*:*:*:*", "matchCriteriaId": "031FFFE6-9C5F-47D9-8264-CC7C2D256941", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBE73666-D739-4C07-B7B4-31BBC0608C74", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_811:-:*:*:*:*:*:*:*", "matchCriteriaId": "30C680F1-60C6-43BF-BE62-D9D49A609734", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_850_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "12FBFD60-81BC-4B25-8AC5-E041E57A870E", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_850:-:*:*:*:*:*:*:*", "matchCriteriaId": "C293C0F8-EF07-4F19-A7B6-CE5EC170E042", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_871_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D51AD3-E614-45C3-8163-9547DCD41FEB", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_871:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4347DC3-2035-4328-91CE-3ABA912A3B7D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_831_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C06DD90C-4E6D-4836-99CA-16A0F0AAE6E1", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_831:-:*:*:*:*:*:*:*", "matchCriteriaId": "A275C2A8-D5B6-4B32-9080-5E41B51B4487", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_855_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1997B14-061F-47D6-8FF0-266D316211CB", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_855:-:*:*:*:*:*:*:*", "matchCriteriaId": "055F9937-565E-4103-9E2A-0BB274B1D770", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_876_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A72C9074-B9A0-4DF9-9262-0937C6B2B3FF", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_876:-:*:*:*:*:*:*:*", "matchCriteriaId": "E152B4F0-44A1-45FD-A541-0E039479DC00", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_858_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745A8264-D4A7-4431-83E0-63FA59A8E575", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_858:-:*:*:*:*:*:*:*", "matchCriteriaId": "0002E5EA-F173-4861-95D9-6996A51F08A0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_816_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD074843-119D-4738-8F52-D43B825AA472", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_816:-:*:*:*:*:*:*:*", "matchCriteriaId": "B61FB21C-AD6B-4BF8-A303-8C0122276B7A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAEF7742-A151-4139-A664-DE482CC1B830", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_841:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1C27B28-A5ED-4C25-B0B9-14D1E89A414B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_859_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AC171EC-9196-4DFA-A07F-C4DC8D1037DD", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_859:-:*:*:*:*:*:*:*", "matchCriteriaId": "35427F3B-13D9-42E4-8547-0DC3A2B03662", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redlion:mbnet_mdh_835_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "967284B7-89DE-41E7-AD1F-61F0F3530944", "versionEndExcluding": "7.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:redlion:mbnet_mdh_835:-:*:*:*:*:*:*:*", "matchCriteriaId": "53DA2CB3-9C62-4CE1-8DB8-2E7378D162E4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an\nauthenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS)."}], "id": "CVE-2023-34412", "lastModified": "2024-02-29T01:39:49.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "info@cert.vde.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2023-08-17T14:15:09.700", "references": [{"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-012/"}, {"source": "info@cert.vde.com", "tags": ["Third Party Advisory"], "url": "https://cert.vde.com/en/advisories/VDE-2023-029/"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}