Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.
AnalysisAI
This is a critical OS command injection vulnerability in the com_mb24sysapi module of several MB Connect Line and Helmholz industrial remote access products. An unauthenticated remote attacker can execute arbitrary OS commands without any user interaction, leading to complete system compromise. This is a variant of CVE-2020-10383, suggesting similar attack patterns may be applicable, and the 9.8 CVSS score reflects the severe nature of network-accessible, authentication-free remote code execution in industrial control system components.
Technical ContextAI
The vulnerability stems from CWE-78 (Improper Neutralization of Special Elements used in an OS Command), commonly known as OS command injection. Affected products include MB Connect Line's mbCONNECT24 and mymbCONNECT24 industrial remote access solutions, as well as Helmholz's myREX24v2 and myREX24v2.virtual devices (identified via CPE strings cpe:2.3:a:mb_connect_line:mb_connect_line_mbconnect24, cpe:2.3:a:mb_connect_line:mymbconnect24, cpe:2.3:a:helmholz:myrex24v2, and cpe:2.3:a:helmholz:myrex24v2.virtual). The com_mb24sysapi module fails to properly sanitize user-controlled input before passing it to system command execution functions, allowing attackers to inject shell metacharacters and execute arbitrary commands. As a variant of CVE-2020-10383, this suggests the original vulnerability was incompletely patched or similar attack surfaces exist in related code paths.
RemediationAI
Organizations should immediately consult the CERT-VDE advisories at https://certvde.com/de/advisories/VDE-2026-024 and https://certvde.com/de/advisories/VDE-2026-025 for vendor-provided patches and specific version numbers that address this vulnerability. Until patches can be applied, implement network segmentation to restrict access to affected devices from trusted management networks only, disable internet-facing exposure if possible, and deploy web application firewalls or intrusion prevention systems with rules to detect and block command injection attempts targeting the com_mb24sysapi module. Given this is a variant of CVE-2020-10383, verify that previous patches were properly applied and consider reviewing all command execution code paths. For critical systems that cannot be immediately patched, consider temporary service shutdown if operationally feasible.
More in Mb Connect Line Mbconnect24
View allSame weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14404
GHSA-m8j3-cgrg-h7fm