CVE-2020-35565

9.8 CRITICAL

📋 TL;DR

CVE-2020-35565 is a critical authentication weakness in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24: brute-force protection on the login page is disabled by default, so an unauthenticated attacker can submit unlimited password guesses with no rate limiting, delay or account lockout. Every default installation of an affected version (through 2.6.2) is exposed until the protection is switched on or the software is updated.

💻 Affected Systems

Products:
  • MB CONNECT LINE mymbCONNECT24
  • MB CONNECT LINE mbCONNECT24
Versions: through 2.6.2
Operating Systems: Not OS-specific - application vulnerability
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable as brute-force detection is disabled by default.

📦 What is this software?

mymbCONNECT24 and mbCONNECT24 are MB CONNECT LINE's industrial remote access solutions: web portals through which maintenance staff reach remote machines and control systems. Because that is their purpose, their login pages are normally reachable from the Internet.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through credential brute-forcing leading to unauthorized access to industrial control systems, potential data theft, and operational disruption.

🟠

Likely Case

Successful credential stuffing attacks resulting in unauthorized access to remote management interfaces and potential lateral movement within industrial networks.

🟢

If Mitigated

Failed authentication attempts with proper monitoring and alerting, no successful unauthorized access.

🌐 Internet-Facing: HIGH - Remote access portals are built to be reachable from the Internet, so the unprotected login page is directly exposed to anyone who can find it.
🏢 Internal Only: MEDIUM - An attacker already on the internal network (or malware on an internal workstation) can still brute-force the portal, but the exposure is far smaller than for an Internet-facing login.

🎯 Exploit Status

Public PoC: No (none is needed; any generic HTTP password-guessing tool works)
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires nothing more than repeated HTTP POST requests to the login endpoint, driven by an automated password-guessing or credential-stuffing tool; the missing protection is the vulnerability, so there is no exploit code to speak of.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2.6.2

Vendor Advisory: https://mbconnectline.com/security-advice/

Restart Required: Yes

Instructions:

1. Download the latest version from the vendor portal.
2. Back up the current configuration.
3. Install the update following the vendor documentation.
4. After the restart, verify that brute-force protection is enabled in the application settings.

🔧 Temporary Workarounds

Enable brute-force protection (applies to: all)

Manually enable brute-force detection and account lockout in the application settings. The feature is present in affected versions but is off by default.

Implement network-level rate limiting (applies to: all)

Configure the firewall, reverse proxy or WAF in front of the portal to limit authentication attempts per source IP address, and alert when the limit is hit.

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable systems from internet access
  • Deploy web application firewall with brute-force protection rules

🔍 How to Verify

Check if Vulnerable:

Check the application version in the admin interface; 2.6.2 or earlier is affected. To confirm the behaviour, use a dedicated test account you are authorised to lock out, submit a series of failed logins from one source and observe whether a lockout, delay or rate limit is ever applied.

Check Version:

Check version in web interface or consult vendor documentation for version checking method.

Verify Fix Applied:

Verify version is above 2.6.2 and test that multiple failed login attempts trigger account lockout or rate limiting.

📡 Detection & Monitoring

Log Indicators:

  • Many failed login attempts from the same source IP within a short window, often spread across several usernames
  • A successful login from a source that has just produced a long run of failures
  • No lockout or rate-limit events at all despite those failures (confirms the protection is still disabled)

Network Indicators:

  • High volume of POST requests to the login endpoint from a single source
  • Request patterns typical of password-guessing tools: near-constant timing between requests, a single static User-Agent, many distinct usernames from one source

SIEM Query:

source="application_logs" event="login_failed" | bucket _time span=5m | stats count by _time, src_ip | where count > 10
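
The same detection logic as the query above, run offline over sample log lines, as an added example that is not part of this page or of the vendor's software. It implements two of the log indicators listed above: more than a threshold of failed logins from one source IP inside a sliding window, and a successful login from a source that has just accumulated many failures. The `key=value` log format and the log lines are constructed for the example; mbCONNECT24's real log format is not described on this page, so adapt the regular expression to it.

```python
"""Brute-force indicators over authentication logs (added example).

Two detections per source IP over a sliding window:
  BRUTE_FORCE            - more than `threshold` failures inside `window`
  SUCCESS_AFTER_FAILURES - a login_success while >= `success_after` failures are
                           still inside `window` (the "success after many
                           failures" indicator)
The log format and the sample lines below are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<iso8601> event=<name> src_ip=<ip> user=<name>"
LINE_RE = re.compile(r"^(?P<ts>\S+) event=(?P<event>\w+) src_ip=(?P<ip>\S+) user=(?P<user>\S+)")

# Constructed sample: one source hammers four accounts and finally gets in;
# a second source is a normal user who mistypes twice.
SAMPLE_LOG = """\
2021-01-05T10:00:00Z event=login_failed src_ip=203.0.113.7 user=admin
2021-01-05T10:00:05Z event=login_failed src_ip=203.0.113.7 user=admin
2021-01-05T10:00:10Z event=login_failed src_ip=203.0.113.7 user=admin
2021-01-05T10:00:15Z event=login_failed src_ip=203.0.113.7 user=service
2021-01-05T10:00:20Z event=login_failed src_ip=203.0.113.7 user=service
2021-01-05T10:00:25Z event=login_failed src_ip=203.0.113.7 user=service
2021-01-05T10:00:30Z event=login_failed src_ip=203.0.113.7 user=operator
2021-01-05T10:00:35Z event=login_failed src_ip=203.0.113.7 user=operator
2021-01-05T10:00:40Z event=login_failed src_ip=203.0.113.7 user=operator
2021-01-05T10:00:45Z event=login_failed src_ip=203.0.113.7 user=maint
2021-01-05T10:00:50Z event=login_failed src_ip=203.0.113.7 user=maint
2021-01-05T10:00:55Z event=login_failed src_ip=203.0.113.7 user=maint
2021-01-05T10:01:05Z event=login_success src_ip=203.0.113.7 user=maint
2021-01-05T10:02:00Z event=login_failed src_ip=198.51.100.4 user=jdoe
2021-01-05T10:02:09Z event=login_failed src_ip=198.51.100.4 user=jdoe
2021-01-05T10:02:20Z event=login_success src_ip=198.51.100.4 user=jdoe
"""


def parse(lines):
    """Yield (timestamp, event, src_ip, user) for every line that matches LINE_RE."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated or malformed line
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        yield ts, m["event"], m["ip"], m["user"]


def detect(lines, threshold=10, window=timedelta(minutes=5), success_after=5):
    """Return alerts as (kind, src_ip, recent_failure_count) tuples, in log order."""
    failures = defaultdict(deque)  # src_ip -> timestamps of failures still in window
    alerted = set()                # one BRUTE_FORCE alert per source
    alerts = []
    for ts, event, ip, user in sorted(parse(lines), key=lambda r: r[0]):
        recent = failures[ip]
        while recent and ts - recent[0] > window:  # drop failures that aged out
            recent.popleft()
        if event == "login_failed":
            recent.append(ts)
            if len(recent) > threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append(("BRUTE_FORCE", ip, len(recent)))
        elif event == "login_success" and len(recent) >= success_after:
            alerts.append(("SUCCESS_AFTER_FAILURES", ip, len(recent)))
    return alerts


if __name__ == "__main__":
    for kind, ip, count in detect(SAMPLE_LOG.splitlines()):
        print(f"{kind} src_ip={ip} recent_failures={count}")
```

The sliding window is what the `bucket _time span=5m` in the query approximates with fixed buckets; the deque version catches a burst that straddles a bucket boundary. Tune `threshold` to the legitimate failure rate of the portal, and keep `success_after` low: on a system where lockout is disabled, the success-after-failures alert is the one that tells you a guess actually landed.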
