CVE-2023-34412

Summary

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

Affected Software

VendorProductVersion RangeStatus
Red Lion EuropembNET0 < 7.3.2affected
Red Lion EuropembNET.rokey0 < 7.3.2affected
HelmholzREX 2000 < 7.3.2affected
HelmholzREX 2500 < 7.3.2affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References