CVE-2026-33613

Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise. This vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://certvde.com/de/advisories/VDE-2026-030	Third Party Advisory
https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mbconnectline:mbconnect24::::::::
	cpe:2.3:a:mbconnectline:mymbconnect24::::::::

History

16 Apr 2026, 15:49

Type	Values Removed	Values Added
References	~~() https://certvde.com/de/advisories/VDE-2026-030 -~~	() https://certvde.com/de/advisories/VDE-2026-030 - Third Party Advisory
References	~~() https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json -~~	() https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json - Vendor Advisory
CPE		cpe:2.3:a:mbconnectline:mymbconnect24:::::::: cpe:2.3:a:mbconnectline:mbconnect24::::::::
First Time		Mbconnectline mbconnect24 Mbconnectline Mbconnectline mymbconnect24

02 Apr 2026, 10:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-04-02 10:16

Updated : 2026-04-16 15:49

NVD link : CVE-2026-33613

Mitre link : CVE-2026-33613

CVE.ORG link : CVE-2026-33613

JSON object : View

Products Affected

mbconnectline

mbconnect24
mymbconnect24

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2026-33613", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "info@cert.vde.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2026-04-02T10:16:15.727", "references": [{"url": "https://certvde.com/de/advisories/VDE-2026-030", "tags": ["Third Party Advisory"], "source": "info@cert.vde.com"}, {"url": "https://mbconnectline.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-030.json", "tags": ["Vendor Advisory"], "source": "info@cert.vde.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "info@cert.vde.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Due to the improper neutralisation of special elements used in an OS command, a remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise.\nThis vulnerability can only be attacked if the attacker has some other way to write arbitrary data to the user table."}], "lastModified": "2026-04-16T15:49:47.683", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mbconnectline:mbconnect24:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF88F461-51FB-482C-A406-07F72FC10D79", "versionEndIncluding": "2.19.4"}, {"criteria": "cpe:2.3:a:mbconnectline:mymbconnect24:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E8693F-94C4-46A4-BD83-D87B71B89F12", "versionEndIncluding": "2.19.4"}], "operator": "OR"}]}], "sourceIdentifier": "info@cert.vde.com"}