OTPulse

ICSA-20-273-01_MB Connect line mbCONNECT24, mymbCONNECT24

Plan Patch · CVSS 8.8 · ICS-CERT ICSA-20-273-01 · Sep 29, 2020
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

MB Connect line mbCONNECT24 and mymbCONNECT24 versions 2.6.1 and prior contain a command injection vulnerability (CWE-77). The vulnerability has a CVSS score of 8.8 with high impact on confidentiality, integrity, and availability. Exploitation requires user interaction and allows an attacker to execute arbitrary commands. No public exploits are currently known, though the vulnerability was reported by security researchers to CISA.

What this means
What could happen
An attacker could execute arbitrary commands on devices managed through mbCONNECT24 or mymbCONNECT24, potentially altering process parameters, stopping operations, or reading sensitive configuration data from PLCs and field devices.
Who's at risk
Water utilities, power generation facilities, and manufacturing plants that use MB Connect line mbCONNECT24 or mymbCONNECT24 for remote access, monitoring, or integration with industrial control systems. This affects any organization relying on these gateway devices for device connectivity and management in OT networks.
How it could be exploited
An attacker tricks a user (engineering staff or operator) into clicking a malicious link or opening a crafted email attachment. The attack exploits a command injection flaw in how the application processes user input. If the user is logged in or authenticated to mbCONNECT24/mymbCONNECT24, the injected commands execute in the context of the gateway, allowing manipulation of connected control devices.
Prerequisites
  • User interaction required: engineering staff or operator must click a link or open an attachment
  • Valid session or login to mbCONNECT24/mymbCONNECT24 application
  • Application must be accessible to the attacker (either internet-facing or within network reach)
Tags: remotely exploitable · user interaction required · command injection · no authentication required if user is tricked into interaction · affects gateway/access point to control devices
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
mbCONNECT24: v2.6.1 and prior | ≤ 2.6.1 | 2.6.2
mymbCONNECT24: v2.6.1 and prior | ≤ 2.6.1 | 2.6.2
Remediation & Mitigation
Do now
WORKAROUND: Do not click web links or open unsolicited email attachments, especially from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update mbCONNECT24 and mymbCONNECT24 to version 2.6.2 or higher
Long-term hardening
HARDENING: Locate mbCONNECT24/mymbCONNECT24 behind firewalls and isolate from the business network to minimize internet exposure
HARDENING: Use VPN with secure authentication for any required remote access to the gateway, and keep VPN software updated
HARDENING: Implement network segmentation to restrict access to control system devices from the gateway