{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32968", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2026-03-17T09:55:21.859Z", "datePublished": "2026-03-23T11:16:01.413Z", "dateUpdated": "2026-03-23T13:51:18.931Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MB connect line mbCONNECT24", "vendor": "MB connect line", "versions": [{"lessThanOrEqual": "2.19.3", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "mymbCONNECT24", "vendor": "MB connect line", "versions": [{"lessThanOrEqual": "2.19.3", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "myREX24V2", "vendor": "Helmholz", "versions": [{"lessThanOrEqual": "2.19.3", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "myREX24V2.virtual", "vendor": "Helmholz", "versions": [{"lessThanOrEqual": "2.19.3", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.<br>"}], "value": "Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-03-23T11:16:01.413Z"}, "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-024"}, {"url": "https://certvde.com/de/advisories/VDE-2026-025"}], "source": {"advisory": "VDE-2026-024", "defect": ["CERT@VDE#641983"], "discovery": "UNKNOWN"}, "title": "Unauthenticated RCE in com_mb24sysapi", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T13:51:11.265990Z", "id": "CVE-2026-32968", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T13:51:18.931Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-23T13:51:11.265990Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T13:51:14.717Z"}}], "cna": {"title": "Unauthenticated RCE in com_mb24sysapi", "source": {"defect": ["CERT@VDE#641983"], "advisory": "VDE-2026-024", "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Moritz Abrell, Christian Z\u00e4ske from SySS GmbH"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "MB connect line", "product": "MB connect line mbCONNECT24", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "2.19.3"}], "defaultStatus": "unaffected"}, {"vendor": "MB connect line", "product": "mymbCONNECT24", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "2.19.3"}], "defaultStatus": "unaffected"}, {"vendor": "Helmholz", "product": "myREX24V2", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "2.19.3"}], "defaultStatus": "unaffected"}, {"vendor": "Helmholz", "product": "myREX24V2.virtual", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "semver", "lessThanOrEqual": "2.19.3"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-024"}, {"url": "https://certvde.com/de/advisories/VDE-2026-025"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.", "supportingMedia": [{"type": "text/html", "value": "Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2026-03-23T11:16:01.413Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32968", "state": "PUBLISHED", "dateUpdated": "2026-03-23T13:51:18.931Z", "dateReserved": "2026-03-17T09:55:21.859Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2026-03-23T11:16:01.413Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system compromise. This vulnerability is a variant attack for CVE-2020-10383."}], "id": "CVE-2026-32968", "lastModified": "2026-03-23T14:31:37.267", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2026-03-23T12:16:08.407", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/de/advisories/VDE-2026-024"}, {"source": "info@cert.vde.com", "url": "https://certvde.com/de/advisories/VDE-2026-025"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,2.19.3]"}}], "enrichment": {"confidence": 96.0, "confidence_source": "matching", "scores": [{"score": 96.0, "source": "matching"}]}, "original": {"product": "myREX24V2.virtual", "source": "cna", "vendor": "Helmholz"}, "product": "myrex24.virtual", "vendor": "helmholz"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,2.19.3]"}}], "enrichment": {"confidence": 97.0, "confidence_source": "matching", "scores": [{"score": 97.0, "source": "matching"}]}, "original": {"product": "myREX24V2", "source": "cna", "vendor": "Helmholz"}, "product": "myrex24_v2", "vendor": "helmholz"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,2.19.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MB connect line mbCONNECT24", "source": "cna", "vendor": "MB connect line"}, "product": "mb_connect_line_mbconnect24", "vendor": "mb_connect_line"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0.0.0,2.19.3]"}}], "enrichment": {"confidence": 96.0, "confidence_source": "matching", "scores": [{"score": 96.0, "source": "matching"}]}, "original": {"product": "mymbCONNECT24", "source": "cna", "vendor": "MB connect line"}, "product": "mymbconnect24", "vendor": "mbconnectline"}], "analysis": {"en": {"generated_at": "2026-03-23T12:20:44.563884+00:00", "value": {"mitigation_remediation": ["Install the vendor\u2011released firmware or patch that resolves the com_mb24sysapi RCE issue for the affected Helmholz and MB Connect Line devices.", "If a patch is not yet available, isolate the devices by blocking external access to the com_mb24sysapi endpoint using firewall or network segmentation until a fix can be applied.", "Enable logging on the affected devices and monitor for anomalous command execution or unusual network activity associated with the com_mb24sysapi module; report any suspicious events to the vendor and to the security team."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected products include Helmholz's myREX24V2 and myREX24V2.virtual as well as MB Connect Line\u2019s mbCONNECT24 and mymbCONNECT24. No specific firmware or software version numbers are supplied, so all current releases of these products are considered vulnerable until vendors confirm a fix.", "description_and_impact": "The vulnerability arises from the improper neutralisation of special elements used in an operating\u2011system command within the com_mb24sysapi module. An unauthenticated remote attacker can craft a request that bypasses input filtering, causing the module to execute arbitrary OS commands with the privileges of the running process. If exploited, the attacker can achieve full system compromise, consistent with a remote code execution scenario. This flaw is a variant of the earlier CVE\u20112020\u201110383 vulnerability, highlighting a repeated weakness in the same code base.", "risk_and_exploitability": "The CVSS score is 9.8, indicating an extremely severe risk. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, though that does not reduce its potential impact. The likely attack vector is a remote, unauthenticated exploitation through the exposed com_mb24sysapi interface, which can be triggered from any network that can reach the device. Given the high severity and the nature of the flaw, the window of opportunity for attackers is substantial."}}}}, "created": "2026-03-24T10:34:44.510993+00:00", "updated": "2026-03-25T14:49:19.725175+00:00", "vendors": ["helmholz", "helmholz$PRODUCT$myrex24.virtual", "helmholz$PRODUCT$myrex24_v2", "mb_connect_line", "mb_connect_line$PRODUCT$mb_connect_line_mbconnect24", "mbconnectline", "mbconnectline$PRODUCT$mymbconnect24"]}