Helmholz: Multiple products are vulnerable to regreSSHion

Advisory ID: VDE-2024-044
Published: Jul 31, 2024
CVSS: 8.1
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Several Helmholz products are affected by a race condition vulnerability in OpenSSH (regreSSHion). This vulnerability affects myREX24 V2 (versions before 2.16.1), myREX24 V2 virtual (versions before 2.16.1), REX200 (versions 8.0.0 through 8.1.x), and REX250 (versions 8.0.0 through 8.1.x). The race condition in the SSH daemon could potentially allow an unauthenticated attacker with network access to port 22 to achieve unauthorized command execution on the controller.

What this means
What could happen
An attacker with network access to port 22 (SSH) could exploit a race condition in OpenSSH to gain unauthorized command execution on the PLC, potentially allowing them to alter process logic, modify setpoints, or disrupt plant operations.
Who's at risk
This affects organizations operating Helmholz myREX24 V2 controllers and REX200/REX250 industrial controllers used for process automation and control in manufacturing, water treatment, and power distribution environments. Any site using these devices for critical process control should prioritize remediation.
How it could be exploited
The attacker sends crafted SSH packets to the affected device's SSH daemon (port 22) to trigger a race condition in OpenSSH. This could allow the attacker to bypass authentication and execute arbitrary commands on the controller without valid credentials.
Prerequisites
  • Network connectivity to port 22 (SSH daemon) on the affected Helmholz device
  • No authentication required; vulnerability is in the SSH handshake/authentication mechanism
Tags: remotely exploitable; no authentication required; affects industrial controllers; race condition complexity allows bypass of authentication mechanism
Affected products (4), all 4 with a fix available

Product              Affected Versions     Fix Status
myREX24 V2           < 2.16.1              2.16.1
myREX24 V2 virtual   < 2.16.1              2.16.1
REX200               8.0.0 to < 8.2.0      8.2.0
REX250               8.0.0 to < 8.2.0      8.2.0
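The affected ranges in the table are easy to misread when an inventory mixes products and firmware strings, so the following added example (not code from OTPulse or Helmholz) triages a constructed device inventory against those ranges. The ranges are taken from the table above; the hostnames, versions and the `ssh_reachable_from_untrusted` flag are assumed sample data, and the "do now" versus "schedule" wording mirrors the remediation section below.

```python
"""Triage a device inventory against the Helmholz regreSSHion advisory.

Added example, not part of the OTPulse page or Helmholz tooling. The affected
ranges come from the advisory table; the inventory at the bottom is constructed.
"""
from dataclasses import dataclass
from typing import Optional

Version = tuple  # (major, minor, patch)


def parse_version(text: str) -> Version:
    """Parse '8.1.3' or '8.1' into a 3-tuple so tuple comparison is reliable."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


@dataclass(frozen=True)
class AffectedRange:
    low: Optional[Version]  # inclusive lower bound; None means any earlier version
    fixed: Version          # first fixed version (exclusive upper bound)


# Affected ranges as published in the advisory table (VDE-2024-044).
ADVISORY = {
    "myREX24 V2":         AffectedRange(None, (2, 16, 1)),
    "myREX24 V2 virtual": AffectedRange(None, (2, 16, 1)),
    "REX200":             AffectedRange((8, 0, 0), (8, 2, 0)),
    "REX250":             AffectedRange((8, 0, 0), (8, 2, 0)),
}


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if the firmware falls inside the affected range, False if not,
    None if the product is not covered by this advisory."""
    rng = ADVISORY.get(product)
    if rng is None:
        return None
    v = parse_version(version)
    above_low = rng.low is None or v >= rng.low
    return above_low and v < rng.fixed


def triage(inventory):
    """Return one row per device with the action the advisory calls for."""
    rows = []
    for dev in inventory:
        affected = is_affected(dev["product"], dev["version"])
        if affected is None:
            action = "not covered by VDE-2024-044"
        elif not affected:
            action = "no action (version not affected)"
        else:
            fixed = ".".join(map(str, ADVISORY[dev["product"]].fixed))
            action = f"schedule firmware update to {fixed} or later"
            # Exposed SSH plus an affected version is the "do now" case:
            # block TCP/22 at the firewall before the maintenance window.
            if dev.get("ssh_reachable_from_untrusted"):
                action = "DO NOW: block inbound TCP/22 at the firewall; " + action
        rows.append({"name": dev["name"], "affected": affected, "action": action})
    return rows


# Constructed sample inventory: hostnames, versions and exposure flags are made up.
SAMPLE_INVENTORY = [
    {"name": "rex200-line1", "product": "REX200", "version": "8.1.4",
     "ssh_reachable_from_untrusted": True},
    {"name": "rex250-pump", "product": "REX250", "version": "8.2.0",
     "ssh_reachable_from_untrusted": False},
    {"name": "rex200-old", "product": "REX200", "version": "7.9.0",
     "ssh_reachable_from_untrusted": True},
    {"name": "myrex-portal", "product": "myREX24 V2", "version": "2.15.3",
     "ssh_reachable_from_untrusted": False},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['name']:14} affected={row['affected']!s:5} {row['action']}")
```

Note that a REX200 on 7.9.0 is reported as not affected because the advisory's range starts at 8.0.0; an inventory check that only tests "below the fixed version" would wrongly flag it.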
Remediation & Mitigation

Do now
  • WORKAROUND: Block all inbound traffic to port 22 (SSH) from untrusted networks using a firewall or network ACL
  • HARDENING: Disable SSH access if remote management is not required; restrict SSH to an out-of-band management network if it must be used

Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • myREX24 V2 / myREX24 V2 virtual, HOTFIX: Update firmware to version 2.16.1 or later
  • REX200 / REX250, HOTFIX: Update firmware to version 8.2.0 or later
API: /api/v1/advisories/f983e4be-b952-46e4-818e-bd87efbe37f0
Helmholz: Multiple products are vulnerable to regreSSHion | CVSS 8.1 - OTPulse