Helmholz: Multiple SQLi vulnerabilities in myREX24V2/myREX24V2.virtual

Plan Patch | CVSS 7.5 | VDE-2026-058 | May 27, 2026
Helmholz
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple SQL injection (SQLi) vulnerabilities exist in Helmholz myREX24V2 and myREX24V2.virtual gateway systems (versions 2.20.0 and earlier). The vulnerable functionality is not enabled by default and can only be exploited if an attacker has already gained root shell access to the system. On hosted MBCL instances behind the Gatekeeper service, access is restricted by an IP whitelist on the LAN interface.

What this means
What could happen
An attacker with network access and root-level shell access could execute arbitrary SQL queries against the myREX24V2 database, potentially reading sensitive configuration or operational data. However, the feature is disabled by default and only accessible to attackers who have already compromised the system with root privileges.
Who's at risk
Water and electric utilities using Helmholz myREX24V2 or myREX24V2.virtual systems for process automation and data logging. This affects any facility using these gateway or virtual controller systems for SCADA integration or remote telemetry.
How it could be exploited
An attacker would first need to gain root shell access to the myREX24V2 system, then enable the vulnerable SQLi function, and finally craft malicious SQL queries to extract or modify data in the database. This is a post-exploitation capability rather than an initial access vector.
Prerequisites
  • Root shell access to the myREX24V2 system
  • Ability to enable the SQLi function (disabled by default)
  • Network access to the database interface (typically localhost or restricted subnet)
remotely exploitable | requires root-level compromise first | disabled by default | no patch available for older versions
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (4)
4 with fix
Product            | Affected Versions | Fix Status
myREX24V2          | ≤ 2.20.0          | 2.20.1
myREX24V2          | 2.20.0            | 2.20.1
myREX24V2.virtual  | ≤ 2.20.0          | 2.20.1
myREX24V2.virtual  | 2.20.0            | 2.20.1
Remediation & Mitigation
Do now
myREX24V2
HARDENING: Restrict network access to the myREX24V2 system to only trusted engineering workstations and control systems
All products
HARDENING: Monitor system logs for unauthorized root shell access or privilege escalation attempts
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

myREX24V2
HOTFIX: Update myREX24V2 and myREX24V2.virtual to version 2.20.1 or later


Source: OTPulse