Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product
Plan Patch | CVSS 9.8 | VDE-2024-066 | Oct 15, 2024
Helmholz
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities have been discovered in Helmholz REX100 devices (versions up to 2.2.13) that allow remote code execution and unauthorized file access. The issues stem from authentication bypass (CWE-306), hard-coded credentials (CWE-798), code injection (CWE-94), and improper access controls (CWE-261, CWE-552). These vulnerabilities can be exploited over the network without authentication to run arbitrary commands on the device or read sensitive files.
What this means
What could happen
An attacker with network access to the REX100 could execute arbitrary commands or access sensitive files without authentication, potentially disrupting industrial automation processes or exfiltrating configuration data.
Who's at risk
Plant and building automation operators using Helmholz REX100 devices for HVAC control, lighting, or process automation should treat this as critical. Any organization running REX100 firmware version 2.2.13 or earlier is affected and vulnerable to remote attack without special network position or authentication.
How it could be exploited
An attacker sends a specially crafted network request to the REX100 device exploiting one of the authentication bypass, hard-coded credential, or code injection flaws. The device processes the request without proper validation and either executes the attacker's code directly or grants access to protected files.
Prerequisites
- Network access to the REX100 device on the port used by the vulnerable service (typically HTTP/HTTPS)
- No authentication required
remotely exploitable, no authentication required, low complexity, high CVSS (9.8), affects automation control
Exploitability
Some exploitation risk — EPSS score 3.6%
Affected products (1)
Product | Affected Versions | Fix Status
REX100 | ≤ 2.2.13 | 2.3.1
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update REX100 firmware to version 2.3.1 or later