Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.
AnalysisAI
SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 products allows unauthenticated remote attackers to extract sensitive data through the getinfo endpoint. The vulnerability permits direct database queries without authentication, enabling complete confidentiality breach of stored information. EPSS and KEV data not provided; exploitation status unknown beyond technical disclosure by CERT@VDE.
Technical ContextAI
This vulnerability stems from CWE-89 (SQL Injection) where the getinfo endpoint fails to properly sanitize or parameterize user-supplied input before incorporating it into SQL SELECT statements. The affected products are MB Connect Line's mbCONNECT24 (CPE 2.3:a:mb_connect_line:mbconnect24) and mymbCONNECT24 (CPE 2.3:a:mb_connect_line:mymbconnect24), which are industrial IoT connectivity solutions used for secure remote access to machines and systems. The lack of input validation allows attackers to inject arbitrary SQL commands, directly querying the backend database. The CVSS vector confirms this is a network-accessible vulnerability with low attack complexity requiring no user interaction, making it straightforward to exploit once the vulnerable endpoint is identified.
RemediationAI
Organizations should immediately consult the official MB Connect Line security advisory published by CERT@VDE at https://certvde.com/de/advisories/VDE-2026-030 and the corresponding CSAF document at https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json for vendor-specific patching guidance and fixed versions. Patch availability per vendor advisory should be confirmed from these authoritative sources. Until patches can be applied, implement network segmentation to restrict access to the getinfo endpoint to trusted IP ranges only, deploy web application firewall rules to detect and block SQL injection patterns targeting this endpoint, and monitor database query logs for anomalous SELECT statements. Disable or remove the getinfo endpoint if it is not operationally required. Given the unauthenticated nature of the vulnerability, perimeter controls are critical interim mitigations.
More in Mbconnect24
View allAn issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rat
SQL injection in MB Connect Line's mbCONNECT24 and mymbCONNECT24 platforms allows unauthenticated remote attackers to ex
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. Rat
Privileged remote modification of critical program parameters in MB connect line mbCONNECT24 and mymbCONNECT24 allows au
An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.6.1. Rat
Blind SQL injection in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows unauthenticated remote attackers to extract
An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind o
In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by
Remote code execution in MB Connect Line mbCONNECT24 and mymbCONNECT24 allows high-privileged authenticated attackers to
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18174