CVE-2020-35564 – CVE-2020-35564 is an injection vulnerability in... (How to Fix)

Q: What is the severity of CVE-2020-35564?

CVE-2020-35564 has a CVSS score of 7.5 (HIGH). CVE-2020-35564 is an injection vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software that allows attackers to execute malicious code through an outdated component. This affects organizations using these remote access solutions for industrial automation. The vulnerability stems from improper neutralization of special elements in output used by a downstream component.

📋 TL;DR

CVE-2020-35564 is an injection vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software that allows attackers to execute malicious code through an outdated component. This affects organizations using these remote access solutions for industrial automation. The vulnerability stems from improper neutralization of special elements in output used by a downstream component.

💻 Affected Systems

Products:

MB CONNECT LINE mymbCONNECT24
MB CONNECT LINE mbCONNECT24

Versions: through 2.6.2

Operating Systems: Not OS-specific - affects the application itself

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all deployments using vulnerable versions regardless of configuration.

📦 What is this software?

Mbconnect24 by Mbconnectline

View all CVEs affecting Mbconnect24 →

Mymbconnect24 by Mbconnectline

View all CVEs affecting Mymbconnect24 →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and potential disruption of industrial control systems.

🟠

Likely Case

Unauthorized access to the affected system, data exfiltration, and potential lateral movement within the network.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting the vulnerable component.

🌐 Internet-Facing: HIGH - The affected products are designed for remote access and often exposed to the internet for industrial applications.

🏢 Internal Only: MEDIUM - Still significant risk if exploited internally, but less exposure than internet-facing deployments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability allows for active code injection, suggesting straightforward exploitation once the attack vector is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.0 and later

Vendor Advisory: https://mbconnectline.com/security-advice/

Restart Required: Yes

Instructions:

1. Download latest version from MB CONNECT LINE portal. 2. Backup current configuration. 3. Install update following vendor instructions. 4. Restart the service/application. 5. Verify functionality.

🔧 Temporary Workarounds

Network Isolation

all

Restrict network access to vulnerable systems using firewalls or network segmentation

Input Validation Enhancement

all

Implement additional input validation and sanitization at the application level

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Deploy web application firewall (WAF) with injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check application version in admin interface or configuration files. If version is 2.6.2 or earlier, system is vulnerable.

Check Version:

Check via web admin interface or consult application documentation for version command

Verify Fix Applied:

Verify version is 2.7.0 or later in admin interface and test functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual input patterns in application logs
Unexpected process execution
Authentication anomalies

Network Indicators:

Unusual outbound connections from the system
Suspicious payloads in HTTP requests

SIEM Query:

source="mymbconnect24" OR source="mbconnect24" AND (event="injection" OR event="malicious_input" OR status="500")

📊 Metadata

CVE ID: CVE-2020-35564

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE: CWE-74

Published: February 16, 2021

Last Updated: November 21, 2024

🔗 References

https://cert.vde.com/de-de/advisories/vde-2021-003 Third Party Advisory
https://mbconnectline.com/security-advice/ Vendor Advisory
https://cert.vde.com/de-de/advisories/vde-2021-003 Third Party Advisory
https://mbconnectline.com/security-advice/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-35564, you might also want to check these: