Helmholz: Use of a Broken or Risky Cryptographic Algorithm

Act Now | CVSS 7.5 | VDE-2026-013 | Apr 7, 2026
Helmholz
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

The FLEXtra PROFINET-Switch devices (4-port, 8-port, and 16-port models) with firmware version 1.12.010 and earlier contain a broken or risky cryptographic algorithm (CWE-327) that allows attackers to compromise the confidentiality of configuration data and management credentials. An attacker with network access can exploit this weakness to decrypt sensitive information or gain unauthorized access to the switch's management functions, potentially enabling unauthorized modification of network settings or device configuration.

What this means
What could happen
An attacker who gains access to the device's web interface or management port could use weak encryption to intercept or decrypt sensitive configuration data, potentially allowing unauthorized changes to the PROFINET switch configuration that could disrupt network communications between PLCs, sensors, and other control devices.
Who's at risk
Water utilities and municipal electric systems that use Helmholz FLEXtra PROFINET switches for communication between industrial controllers, I/O modules, sensors, and other networked automation equipment. Affected switch models include 4-port, 8-port, and 16-port variants in both flat and IP67 (industrial enclosure) form factors.
How it could be exploited
An attacker with network access to the PROFINET switch's management interface (HTTP/HTTPS port) can exploit the weak cryptographic algorithm used for securing credentials or configuration data. By sniffing or intercepting encrypted traffic, the attacker can decrypt sensitive information or bypass authentication to gain administrative control of the switch.
Prerequisites
  • Network access to the switch's management interface (TCP port 80 or 443)
  • Ability to sniff or intercept network traffic to/from the switch
  • No authentication required to exploit the weak encryption itself
Remotely exploitable | No authentication required to exploit weak encryption | Low complexity attack | High EPSS score (41%) | No patch available for many firmware versions | Affects industrial network backbone
Exploitability
Likely to be exploited — EPSS score 41.0%
Affected products (8)
8 with fix
Product | Affected Versions | Fix Status
FLEXtra FLAT PROFINET-Switch 8-Port | 1.12.015 | 1.12.100
FLEXtra FLAT PROFINET-Switch 16-Port | ≤ 1.12.015 | 1.12.100
FLEXtra IP67 PROFINET-Switch 8-Port | ≤ 1.12.015 | 1.12.100
FLEXtra IP67 PROFINET-Switch 8-Port | 1.12.015 | 1.12.100
FLEXtra FLAT PROFINET-Switch 4-Port | ≤ 1.12.015 | 1.12.100
FLEXtra FLAT PROFINET-Switch 4-Port | 1.12.015 | 1.12.100
FLEXtra FLAT PROFINET-Switch 8-Port | ≤ 1.12.015 | 1.12.100
FLEXtra FLAT PROFINET-Switch 16-Port | 1.12.015 | 1.12.100
Remediation & Mitigation
Do now
HARDENING: Restrict network access to the PROFINET switch management interface to authorized engineering workstations only using firewall rules or network segmentation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update FLEXtra PROFINET-Switch firmware to version 1.12.100 or later
Long-term hardening
HARDENING: Use a VPN or secure remote access solution for any out-of-band management of the switches