Helmholz: Remote user enumeration in myREX24/myREX24-virtual

Priority: Plan Patch
CVSS: 7.5
Advisory ID: VDE-2021-058
Published: Dec 8, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A user enumeration vulnerability in the Helmholz myREX24 remote maintenance portal and in myREX24-virtual (the customer-hosted variant), versions 2.9.0 and earlier, allows unauthenticated remote attackers to determine which user accounts exist. On its own this is an information disclosure, but a confirmed list of valid accounts is the usual starting point for password spraying, credential stuffing and targeted phishing against the operators who use those accounts.

What this means
What could happen
An attacker can enumerate valid user accounts on a myREX24 or myREX24-virtual instance without authenticating. The attacker learns no passwords, but the account list turns blind guessing into targeted attacks: password spraying against known accounts, or social engineering aimed at the specific operators whose usernames were confirmed.
Who's at risk
Industrial automation operators who use the Helmholz myREX24 portal, or run their own myREX24-virtual instance, for remote maintenance access to plant and facility networks. Because the portal is the gateway to those networks, a compromised portal account is worth far more than the account itself.
How it could be exploited
An attacker with network access to the portal submits requests with guessed usernames. The affected versions answer differently depending on whether the username exists (the advisory does not state which response property differs), so the attacker can tell real accounts from non-existent ones and build a list of legitimate users for follow-on attacks.
Prerequisites
  • Network access to the myREX24 or myREX24-virtual instance
  • No credentials required
Tags: remotely exploitable, no authentication required, low complexity
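The check a practitioner wants here is a way to confirm whether a login endpoint behaves as an enumeration oracle, and to confirm after updating that it no longer does. The following is an added example written for this advisory; it is not Helmholz code and it does not know the real myREX24 login URL or form field names (those are placeholders). It uses the standard methodology: send several random usernames that cannot exist to establish an "unknown user" baseline response, then compare each candidate username's response (status, redirect target, normalized body, response time) against that baseline. Three constructed stand-in servers let it run offline.

```python
import re
import secrets
import statistics
import time
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    status: int
    body: str
    location: str       # redirect target, "" if none
    elapsed_ms: float


# Fragments that change on every request and would make identical pages compare unequal.
_VOLATILE = [
    re.compile(r'value="[0-9A-Za-z_\-]{16,}"'),                # CSRF / nonce form fields
    re.compile(r"\b\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}\b"),  # timestamps
    re.compile(r"\b[0-9a-f]{32,}\b"),                           # session ids
]


def signature(r: Response) -> tuple:
    body = r.body
    for pat in _VOLATILE:
        body = pat.sub("<volatile>", body)
    return (r.status, r.location, body)


def random_username() -> str:
    # Names that cannot plausibly exist; they form the unknown-user baseline.
    return "zz" + secrets.token_hex(6)


def find_enumerable_users(send, candidates, baseline_size=5, time_factor=3.0):
    """send(username) -> Response. Returns {username: reason} for every
    candidate whose response differs from the unknown-user baseline."""
    baseline = [send(random_username()) for _ in range(baseline_size)]
    sigs = {signature(r) for r in baseline}
    if len(sigs) != 1:
        raise RuntimeError("baseline not stable: responses differ even for bogus users")
    base_status, base_loc, base_body = sigs.pop()
    times = [r.elapsed_ms for r in baseline]
    t_mean = statistics.mean(times)
    t_spread = max(statistics.pstdev(times), 5.0)   # floor: ignore sub-5 ms jitter

    hits = {}
    for user in candidates:
        r = send(user)
        status, loc, body = signature(r)
        if status != base_status:
            hits[user] = f"status {status} vs baseline {base_status}"
        elif loc != base_loc:
            hits[user] = f"redirect {loc!r} vs baseline {base_loc!r}"
        elif body != base_body:
            hits[user] = "response body differs from baseline"
        elif abs(r.elapsed_ms - t_mean) > time_factor * t_spread:
            hits[user] = f"timing {r.elapsed_ms:.0f} ms vs baseline ~{t_mean:.0f} ms"
    return hits


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None     # surface 3xx as HTTPError so the Location header is visible


def http_sender(login_url, user_field="username", pass_field="password"):
    """Build a send() for a live login form. URL and field names are assumptions;
    take the real ones from a captured login request."""
    opener = urllib.request.build_opener(_NoRedirect)

    def send(username):
        data = urllib.parse.urlencode({user_field: username, pass_field: "x"}).encode()
        req = urllib.request.Request(login_url, data=data, method="POST")
        t0 = time.perf_counter()
        try:
            with opener.open(req, timeout=10) as resp:
                status, body, loc = resp.status, resp.read().decode(errors="replace"), ""
        except urllib.error.HTTPError as e:
            status, body = e.code, e.read().decode(errors="replace")
            loc = e.headers.get("Location", "")
        return Response(status, body, loc, (time.perf_counter() - t0) * 1000)
    return send


# Constructed stand-ins (not myREX24's real behaviour) so the check runs offline.
_KNOWN = {"admin", "operator"}


def _page(msg):
    return f'<form><input name="csrf" value="{secrets.token_hex(16)}">{msg}</form>'


def message_leak(username):            # leaks through the error text
    msg = "Wrong password" if username in _KNOWN else "Unknown user"
    return Response(200, _page(msg), "", 20.0)


def timing_leak(username):             # same text, but a hash is only computed for real users
    return Response(200, _page("Login failed"), "", 180.0 if username in _KNOWN else 20.0)


def uniform(username):                 # hardened: identical answer and cost for everyone
    return Response(200, _page("Login failed"), "", 180.0)


if __name__ == "__main__":
    for name, server in (("message", message_leak), ("timing", timing_leak), ("uniform", uniform)):
        print(name, find_enumerable_users(server, ["admin", "operator", "nobody"]))
```

Against a real instance, use it only on systems you are authorised to test: `find_enumerable_users(http_sender("https://portal.example/login"), ["admin", "operator"])` with the true URL and field names. Run it before and after the update to 2.10.1; a fixed system should return an empty dict for every channel, including timing, since a constant error message alone is not enough if valid accounts still take measurably longer to reject.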
Affected products (2), both with a fix available

Product            Affected versions   Fixed in
myREX24            ≤ 2.9.0             2.10.1
myREX24-virtual    ≤ 2.9.0             2.10.1
Remediation & Mitigation
Schedule (requires a maintenance window)

Patching may require a device reboot; plan for process interruption.

HOTFIX: Update myREX24 to version 2.10.1 or later
HOTFIX: Update myREX24-virtual to version 2.10.1 or later

Long-term hardening

HARDENING: Restrict network access to the myREX24 / myREX24-virtual login interface with firewall rules so that only authorized engineering workstations and control systems can reach it. This does not remove the enumeration oracle, but it takes the unauthenticated login endpoint off any network an attacker can reach.
API: /api/v1/advisories/8513a18c-9fb9-42ad-a86a-f27323b2a1d7