Helmholz: Multiple vulnerabilities in REX 100

Monitor | CVSS 7.2 | VDE-2025-059 | Jul 21, 2025
Helmholz
Attack path
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities exist in Helmholz REX 100 devices with firmware versions 2.3.2 and earlier, including command injection (CWE-78), SQL injection (CWE-89), buffer overflow (CWE-787), cross-site scripting (CWE-79), and resource exhaustion (CWE-400). These vulnerabilities allow an authenticated attacker to gain full control over the device. Firmware version 2.3.3 or later contains fixes for these issues.

What this means
What could happen
An attacker with valid credentials to a REX 100 device can execute arbitrary commands or alter device configuration, potentially disrupting process automation or data logging in the plant.
Who's at risk
Operations managers and automation technicians responsible for Helmholz REX 100 controllers used in manufacturing, process automation, or facility management systems should assess whether they are running vulnerable firmware versions and take steps to restrict access and apply updates.
How it could be exploited
An attacker must first obtain valid login credentials for the REX 100 device and can then exploit the vulnerabilities (command injection, SQL injection, buffer overflow, or XSS) to gain full control of the device and execute arbitrary commands on the system.
Prerequisites
  • Valid login credentials for the REX 100 device (username and password)
  • Network access to the REX 100 device management interface
  • Device firmware version 2.3.2 or earlier
  • remotely exploitable
  • requires valid credentials
  • affects multiple attack vectors (CWE-78 command injection, CWE-89 SQL injection, CWE-787 buffer overflow)
  • vendor fix available
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product | Affected Versions | Fix Status
Firmware <2.3.3 | All versions | Fix available
Remediation & Mitigation
Do now
HARDENING: Verify that 'Lock network configuration (Conftool)' is enabled in device configuration
HARDENING: Restrict network access to REX 100 device management interface to authorized personnel only; use firewall rules to limit access to trusted engineering workstations
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update REX 100 firmware to version 2.3.3 or later
API: /api/v1/advisories/948b7410-6bbb-472c-bf2d-1d7dc832e979
