Skip to main content

Mbconnect24 CVE-2026-33615

| EUVDEUVD-2026-18176 CRITICAL
SQL Injection (CWE-89)
2026-04-02 CERTVDE
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 16, 2026 - 15:52 vuln.today
cvss_changed
EUVD ID Assigned
Apr 02, 2026 - 09:30 euvd
EUVD-2026-18176
Analysis Generated
Apr 02, 2026 - 09:30 vuln.today
CVE Published
Apr 02, 2026 - 08:59 nvd
CRITICAL 9.1

DescriptionCVE.org

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability.

AnalysisAI

SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 platforms allows unauthenticated remote attackers to execute arbitrary SQL commands via the setinfo endpoint, potentially destroying database integrity and causing complete service disruption. The vulnerability stems from insufficient input validation in SQL UPDATE operations. With CVSS 9.1 (Critical), CVSS vector PR:N confirms no authentication required, and attack complexity is low (AC:L), making this trivially exploitable. No public exploit identified at time of analysis, though the technical details disclosed in CERT@VDE advisory provide sufficient information for rapid weaponization.

Technical ContextAI

This vulnerability affects MB Connect Line's industrial IoT remote access platforms mbCONNECT24 and mymbCONNECT24, as identified by CPE strings cpe:2.3:a:mb_connect_line:mbconnect24 and cpe:2.3:a:mb_connect_line:mymbconnect24. The flaw is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), commonly known as SQL Injection. The vulnerability exists in the setinfo endpoint where user-supplied input is incorporated into SQL UPDATE statements without proper sanitization or parameterization. MB Connect Line products provide secure remote access and management for industrial machinery and OT environments, making database integrity critical for operational safety. The unauthenticated nature of this endpoint (exposed without authentication barriers) combined with SQL injection allows attackers to manipulate UPDATE queries to modify arbitrary database records, execute stacked queries for data destruction, or trigger application-level denial of service through database corruption.

RemediationAI

Organizations running mbCONNECT24 or mymbCONNECT24 should immediately consult the CERT@VDE security advisory at https://certvde.com/de/advisories/VDE-2026-030 and the CSAF-formatted advisory at https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json for vendor-specific remediation guidance and patched versions. Exact fix versions are not specified in available data; contact MB Connect Line support for emergency patch availability and deployment procedures. As an interim mitigation measure until patching is complete, restrict network access to the setinfo endpoint using firewall rules or web application firewall policies to trusted IP ranges only, implement network segmentation to isolate affected platforms from untrusted networks, and enable comprehensive database query logging to detect potential exploitation attempts. Given the unauthenticated nature of the vulnerability and industrial control context, prioritize emergency patching and consider temporarily disconnecting affected systems from internet-facing networks if patch deployment requires extended timelines.

CVE-2020-10383 CRITICAL
9.8 Apr 14

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rat

CVE-2023-0985 HIGH
8.8 Jun 06

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and

CVE-2020-10382 HIGH
8.8 Apr 14

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rat

CVE-2026-10521 HIGH
8.6 Jun 23

Privileged remote modification of critical program parameters in MB connect line mbCONNECT24 and mymbCONNECT24 allows au

CVE-2024-45273 HIGH
7.8 Oct 15

An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak

CVE-2020-10384 HIGH
7.8 Apr 14

An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. Rat

CVE-2026-33616 HIGH
7.5 Apr 02

Blind SQL injection in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows unauthenticated remote attackers to extract

CVE-2026-33614 HIGH
7.5 Apr 02

SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 products allows unauthenticated remote attackers to ext

CVE-2024-45272 HIGH
7.5 Oct 15

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with

CVE-2021-34580 HIGH
7.5 Oct 27

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind o

CVE-2021-34575 HIGH
7.5 Aug 02

In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by

CVE-2026-33613 HIGH
7.2 Apr 02

Remote code execution in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows high-privileged authenticated attackers to

Share

CVE-2026-33615 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy