CVE-2024-23943

Published Mar 18, 2025

Last updated 9 days ago

CVSS critical 9.1
API

Overview

Description
An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.
Source
info@cert.vde.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

info@cert.vde.com
CWE-306

Social media

Hype score
Not currently trending

  1. CVE-2024-23943 (CVSS 9.1): Critical Flaw Found in Industrial Communication Devices A high-severity vulnerability in industrial communication devices poses significant risks to operational technology (OT) environments. https://t.co/d0EpblnS80 #Cybersecurity #OTSecurity

    @adriananglin

    21 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-23943 (CVSS 9.1): Critical Flaw Found in Industrial Communication Devices https://t.co/9h4G1wz1eW

    @Dinosn

    21 Mar 2025

    1804 Impressions

    2 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-23943 ⚠️🔴 CRITICAL (9.1) 🏢 MB connect line - mbCONNECT24 🏗️ 0 🔗 https://t.co/OZE1anphtK #CyberCron #VulnAlert #InfoSec https://t.co/8YKy6RY2Qt

    @cybercronai

    18 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. New post from https://t.co/uXvPWJyEiR (CVE-2024-23943 | MB connect line mbCONNECT24/mbNET/mbNET.rokey/mymbCONNECT24 Cloud API missing authentication (VDE-2024-010)) has been published on https://t.co/B2UgQHIjSc

    @WolfgangSesin

    18 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. �� CVE-2024-23943 - Since no specific product - HIGH 🚨 🗓️ Date published 2025-03-18 11:15:39 UTC #Sincenospecificproduct #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/y3yPBr28gl

    @vulns_space

    18 Mar 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [CVE-2024-23943: CRITICAL] An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is not affected.#cybersecurity,#vulnerability https://t.co/hZNMnL21Fk https://t.co/PfxaKnnX

    @CveFindCom

    18 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2024-23943 An unauthenticated remote attacker can gain access to the cloud API due to a lack of authentication for a critical function in the affected devices. Availability is n… https://t.co/9mLAa04gqX

    @CVEnew

    18 Mar 2025

    287 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  2. A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.CVE-2026-25197
  3. GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.CVE-2026-4312
  4. Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.CVE-2026-4270
  5. OliveTin gives access to predefined shell commands from a web interface. Prior to version 3000.10.3, an unauthenticated denial-of-service vulnerability exists in OliveTin’s OAuth2 login flow. Concurrent requests to /oauth/login can trigger unsynchronized access to a shared registeredStates map, causing a Go runtime panic (fatal error: concurrent map writes) and process termination. This allows remote attackers to crash the service when OAuth2 is enabled. This issue has been patched in version 3000.10.3.CVE-2026-28789

References

Sources include official advisories and independent security research.