Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.
AnalysisAI
Remote code execution in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows high-privileged authenticated attackers to achieve full system compromise through command injection in the generateSrpArray function. Exploitation requires the attacker to first write arbitrary data to the user table via another vulnerability, establishing a chained attack scenario. No public exploit identified at time of analysis, though the low attack complexity (AC:L) indicates straightforward exploitation once database write access is obtained.
Technical ContextAI
This vulnerability stems from CWE-78 (OS Command Injection), where the generateSrpArray function fails to properly sanitize special elements before passing them to operating system commands. The affected products are MB Connect Line mbCONNECT24 (cpe:2.3:a:mb_connect_line:mbconnect24) and mymbCONNECT24 (cpe:2.3:a:mb_connect_line:mymbconnect24), which are industrial IoT gateway management platforms used for secure remote access to industrial equipment. The command injection occurs when user-controlled data from the database is processed without adequate neutralization of shell metacharacters, allowing arbitrary command execution within the context of the application process. This represents a second-order injection vulnerability, as malicious payloads must first be stored in the user table before being triggered through the SRP (Secure Remote Password) array generation routine.
RemediationAI
Organizations should immediately consult the MB Connect Line vendor advisories available at https://certvde.com/de/advisories/VDE-2026-030 and the CSAF security document at https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json for specific patching instructions and affected version identification. Patch availability per vendor advisory should be verified directly through these channels, as exact fixed versions are not specified in the current CVE data. As interim mitigation, organizations should restrict administrative access to mbCONNECT24 and mymbCONNECT24 management interfaces to trusted networks only, implement strong authentication controls for high-privilege accounts, monitor user table modifications for suspicious activity, and audit existing database entries for potential malicious payloads. Network segmentation should isolate these industrial IoT gateway platforms from untrusted networks, and access logging should be enabled to detect potential exploitation chains involving database manipulation followed by SRP array generation operations.
More in Mbconnect24
View allAn issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rat
SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 platforms allows unauthenticated remote attackers to ex
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rat
Privileged remote modification of critical program parameters in MB connect line mbCONNECT24 and mymbCONNECT24 allows au
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. Rat
Blind SQL injection in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows unauthenticated remote attackers to extract
SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 products allows unauthenticated remote attackers to ext
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind o
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18173
GHSA-jmc2-v37m-hrwj