In a significant alert for the industrial automation sector, CERT@VDE has disclosed a series of high-severity vulnerabilities affecting the mbCONNECT24 and mymbCONNECT24 remote service platforms. These flaws, which include Remote Code Execution (RCE) and multiple SQL Injection (SQLi) vulnerabilities, could allow unauthenticated attackers to gain full control over the affected systems.
The most critical issue in the advisory is CVE-2026-33613, a vulnerability that strikes at the heart of the system’s security logic. Due to the “improper neutralisation of special elements used in an OS command,” an attacker can trigger a command injection within the generateSrpArray function.
The consequences of this flaw are critical:
“A remote attacker can exploit an RCE vulnerability in the generateSrpArray function, resulting in full system compromise”.
This level of access would allow an adversary to bypass all security perimeters, impacting the confidentiality, integrity, and availability of the entire service.
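To make the class of flaw concrete, here is an added, constructed illustration of the CWE-78 pattern the advisory describes (special characters reaching an OS command) next to the hardened form. The function names, the `echo` command and the sample input are assumptions for the demonstration; this is not mbCONNECT24 code and says nothing about how `generateSrpArray` is implemented.

```python
import re
import subprocess

# Constructed illustration only: the names below and the use of "echo" as the
# invoked program are assumptions for the demo, not anything from the product.


def run_shell_concat(username: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into a shell command line.

    The string is handed to /bin/sh, so shell separators inside the input
    become additional commands.
    """
    cmd = "echo " + username
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(username: str) -> str:
    """Hardened: pass an argument vector with no shell, so metacharacters stay literal."""
    return subprocess.run(["echo", username], capture_output=True, text=True).stdout


# Allow-list for the field; anything outside it is rejected before any command runs.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def run_validated(username: str) -> str:
    """Hardened further: validate against an allow-list, then use the argv form."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allow-list")
    return run_argv(username)


if __name__ == "__main__":
    payload = "alice; echo INJECTED"  # constructed input containing a shell separator
    print(repr(run_shell_concat(payload)))  # 'alice\nINJECTED\n' -> a second command ran
    print(repr(run_argv(payload)))          # 'alice; echo INJECTED\n' -> treated as one literal arg
    try:
        run_validated(payload)
    except ValueError as exc:
        print("rejected:", exc)
```

The second function is the structural fix (no shell means no shell parsing); the third adds input validation so that a later refactor cannot reintroduce the problem by reaching for `shell=True` again.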
Beyond the RCE threat, the advisory details three distinct SQL Injection vulnerabilities that provide attackers with varying levels of unauthorized database access.
- Total Integrity Loss (CVE-2026-33615): With a CVSS score of 9.8, this is the most dangerous of the SQLi flaws. It targets the setinfo endpoint, where an attacker can exploit an “unauthenticated SQL Injection vulnerability… due to improper neutralization of special elements in a SQL UPDATE command”. This allows for arbitrary write access, specifically to the user table.
- Blind Information Theft (CVE-2026-33616): This “unauthenticated blind SQL Injection” targets the mb24api endpoint, potentially resulting in a “total loss of confidentiality” by allowing attackers to read sensitive database contents.
- Arbitrary Data Read (CVE-2026-33614): Similar to the above, this flaw in the getinfo endpoint provides unauthenticated “arbitrary read access to the complete database”.
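As an added example (not code from the advisory or from MB Connect Line), the following constructed script shows the CWE-89 pattern the advisory attributes to the `setinfo` endpoint, an untrusted value spliced into a SQL `UPDATE`, beside the parameterised form. The table schema, function names and payload are assumptions chosen for the demonstration; it uses an in-memory SQLite database so it runs offline.

```python
import sqlite3

# Constructed illustration only: schema, function names and the payload are
# assumptions for the demo, not the product's code or data.


def make_db() -> sqlite3.Connection:
    """In-memory user table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice@example.invalid", "user"), (2, "bob@example.invalid", "user")],
    )
    conn.commit()
    return conn


def set_email_unsafe(conn: sqlite3.Connection, user_id: int, email: str) -> None:
    """Vulnerable: string formatting lets the input rewrite the SET and WHERE clauses."""
    conn.execute(f"UPDATE users SET email = '{email}' WHERE id = {int(user_id)}")
    conn.commit()


def set_email_safe(conn: sqlite3.Connection, user_id: int, email: str) -> None:
    """Hardened: bound parameters keep the input as data, never as SQL syntax."""
    conn.execute("UPDATE users SET email = ? WHERE id = ?", (email, int(user_id)))
    conn.commit()


def row(conn: sqlite3.Connection, user_id: int) -> tuple:
    """Return (email, role) for a user id."""
    return conn.execute(
        "SELECT email, role FROM users WHERE id = ?", (user_id,)
    ).fetchone()


# Constructed payload: closes the string literal, adds a second assignment,
# retargets the WHERE clause and comments out the remainder of the statement.
PAYLOAD = "x', role = 'admin' WHERE id = 2 --"

if __name__ == "__main__":
    c = make_db()
    set_email_unsafe(c, 1, PAYLOAD)
    print(row(c, 2))  # ('x', 'admin'): a different user's row was rewritten
    print(row(c, 1))  # ('alice@example.invalid', 'user'): the intended row is untouched

    c = make_db()
    set_email_safe(c, 1, PAYLOAD)
    print(row(c, 1))  # (PAYLOAD, 'user'): stored verbatim as text
    print(row(c, 2))  # ('bob@example.invalid', 'user'): unaffected
```

The unsafe path shows why the advisory rates an `UPDATE` injection as a loss of integrity rather than just confidentiality: the attacker controls which rows and which columns are written. Parameter binding removes the problem because the driver never parses the value as SQL; pairing it with server-side authentication on the endpoint addresses the "unauthenticated" half of the finding.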
Rounding out the advisory is CVE-2026-33617, which highlights a risk of information leakage. Researchers found that an unauthenticated attacker could access a configuration file containing database credentials. While there is currently “no endpoint exposed to use these credentials,” the exposure remains a significant security risk that could be leveraged in a multi-stage attack.
The vulnerabilities impact both the MB Connect Line mbCONNECT24 and mymbCONNECT24 platforms, specifically all versions up to and including Firmware 2.19.4.
To secure these systems, CERT@VDE and MB Connect Line strongly urge administrators to move to a patched version of the firmware beyond 2.19.4 to remediate these critical vulnerabilities.