Helmholz: REX 100 vulnerable to OS command injection

Plan Patch | CVSS 7.2 | VDE-2024-032 | Jul 3, 2024
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

A vulnerability exists in Helmholz REX 100 devices with firmware version 2.2.11 and earlier that allows an authenticated attacker to execute arbitrary OS commands via GET requests to the web interface. The vulnerability is exploited through OS command injection, enabling an attacker with valid login credentials to run system-level commands on the controller.

What this means
What could happen
An attacker with valid credentials to the REX 100 could execute arbitrary commands on the device, potentially altering control logic, stopping operations, or compromising data integrity in your automation process.
Who's at risk
Organizations operating Helmholz REX 100 controllers in process automation, manufacturing, and infrastructure applications should prioritize this issue. REX 100 is commonly used in small-to-medium industrial automation, building control, and utility SCADA applications where unauthorized command execution could disrupt critical processes.
How it could be exploited
An attacker with valid engineering credentials sends a crafted GET request containing an OS command injection payload to the REX 100 web interface. The device executes the injected command with the permissions of the web service, allowing full system-level access.
Prerequisites
  • Valid login credentials to the REX 100 web interface
  • Network access to the REX 100 HTTP/HTTPS port
  • Remotely exploitable
  • Authenticated access required, but credentials often shared or default
  • High CVSS score (7.2)
  • Vendor patch available
Affected products (1)
Product | Affected Versions | Fix Status
REX 100 | ≤ 2.2.11 | 2.2.13
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the REX 100 web interface to authorized engineering workstations only using firewall rules
HARDENING: Review and reset all REX 100 user credentials; disable any unused or default accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption

HOTFIX: Update REX 100 firmware to version 2.2.13 or later
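
Until the firmware update is applied, web access logs can be reviewed for the two conditions described above: GET requests carrying shell metacharacters in a parameter, and requests from sources outside the authorized engineering workstations. The following is an added example, not code from the advisory or from Helmholz; it assumes Common Log Format lines from a proxy or sensor in front of the device, and the allowlist range, paths and parameter names are constructed placeholders, not the affected endpoint.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, unquote_plus

ALLOWED_SOURCES = [ip_network("192.0.2.16/29")]  # assumption: engineering workstations
SHELL_META = re.compile(r"[;|&`$<>\n\r]")        # characters a shell treats specially
CLF = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"(?P<method>\S+) (?P<target>\S+)[^"]*" \d{3}')

# Constructed sample lines (hypothetical paths and parameters).
SAMPLE_LOG = [
    '192.0.2.18 - engineer [03/Jul/2024:10:00:01 +0000] "GET /status.cgi?view=summary HTTP/1.1" 200 512',
    '192.0.2.18 - engineer [03/Jul/2024:10:02:11 +0000] "GET /example.cgi?arg=value%3Bid HTTP/1.1" 200 87',
    '198.51.100.7 - engineer [03/Jul/2024:10:05:40 +0000] "GET /example.cgi?arg=value%2560uname%2560 HTTP/1.1" 200 90',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %253B is seen as ';'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def allowed(src):
    """True if the source address is inside the engineering allowlist."""
    try:
        return any(ip_address(src) in net for net in ALLOWED_SOURCES)
    except ValueError:  # hostname or malformed address in the log
        return False

def review_line(line):
    """Return findings for one access-log line; an empty list means nothing to flag."""
    m = CLF.match(line)
    if not m or m["method"] != "GET":
        return []
    findings = [] if allowed(m["src"]) else ["source-not-allowlisted"]
    # Split on raw '&' first so only encoded metacharacters inside a value count.
    for pair in filter(None, urlsplit(m["target"]).query.split("&")):
        key, _, value = pair.partition("=")
        if SHELL_META.search(fully_decode(key)) or SHELL_META.search(fully_decode(value)):
            findings.append(f"shell-metachar-in-param:{key}")
    return findings

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(review_line(entry), entry)
```

A match is a lead for review, not proof of exploitation: the request was authenticated, so the account it used should be checked alongside the credential reset above.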
API: /api/v1/advisories/3064c739-1e31-4ad3-850d-7293b851aa97