Skip to main content

Mb Connect Line Mbconnect24 CVE-2026-32968

| EUVDEUVD-2026-14404 CRITICAL
OS Command Injection (CWE-78)
2026-03-23 CERTVDE GHSA-m8j3-cgrg-h7fm
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 23, 2026 - 11:45 euvd
EUVD-2026-14404
Analysis Generated
Mar 23, 2026 - 11:45 vuln.today
CVE Published
Mar 23, 2026 - 11:16 nvd
CRITICAL 9.8

DescriptionCVE.org

Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.

AnalysisAI

This is a critical OS command injection vulnerability in the com_mb24sysapi module of several MB Connect Line and Helmholz industrial remote access products. An unauthenticated remote attacker can execute arbitrary OS commands without any user interaction, leading to complete system compromise. This is a variant of CVE-2020-10383, suggesting similar attack patterns may be applicable, and the 9.8 CVSS score reflects the severe nature of network-accessible, authentication-free remote code execution in industrial control system components.

Technical ContextAI

The vulnerability stems from CWE-78 (Improper Neutralization of Special Elements used in an OS Command), commonly known as OS command injection. Affected products include MB Connect Line's mbCONNECT24 and mymbCONNECT24 industrial remote access solutions, as well as Helmholz's myREX24v2 and myREX24v2.virtual devices (identified via CPE strings cpe:2.3:a:mb_connect_line:mb_connect_line_mbconnect24, cpe:2.3:a:mb_connect_line:mymbconnect24, cpe:2.3:a:helmholz:myrex24v2, and cpe:2.3:a:helmholz:myrex24v2.virtual). The com_mb24sysapi module fails to properly sanitize user-controlled input before passing it to system command execution functions, allowing attackers to inject shell metacharacters and execute arbitrary commands. As a variant of CVE-2020-10383, this suggests the original vulnerability was incompletely patched or similar attack surfaces exist in related code paths.

RemediationAI

Organizations should immediately consult the CERT-VDE advisories at https://certvde.com/de/advisories/VDE-2026-024 and https://certvde.com/de/advisories/VDE-2026-025 for vendor-provided patches and specific version numbers that address this vulnerability. Until patches can be applied, implement network segmentation to restrict access to affected devices from trusted management networks only, disable internet-facing exposure if possible, and deploy web application firewalls or intrusion prevention systems with rules to detect and block command injection attempts targeting the com_mb24sysapi module. Given this is a variant of CVE-2020-10383, verify that previous patches were properly applied and consider reviewing all command execution code paths. For critical systems that cannot be immediately patched, consider temporary service shutdown if operationally feasible.

Share

CVE-2026-32968 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy