VDE-2024-032
Vulnerability from csaf_helmholzgmbhcokg - Published: 2024-07-03 09:00 - Updated: 2024-07-03 13:33Summary
Helmholz: REX 100 vulnerable to OS command injection
Severity
High
Notes
Summary: There exists a vulnerability in all REX 100 devices with firmware <= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests.
Update: 03.07.2024 3:30pm
In section Reported by Sebastian Dietz (CyberDanube) was added.
Impact: See CVE description.
Mitigation: As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.
Remediation: Update to latest version: 2.2.13
A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.
7.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — |
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — |
Mitigation
Vendor Fix
|
References
4 references
| URL | Category |
|---|---|
| https://certvde.com/en/advisories/VDE-2024-032/ | self |
| https://helmholz.csaf-tp.certvde.com/.well-known/… | self |
| https://www.helmholz.de | external |
| https://certvde.com/en/advisories/vendor/helmholz/ | external |
Acknowledgments
CERT@VDE
certvde.com
CyberDanube
Sebastian Dietz
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"names": [
"Sebastian Dietz"
],
"organization": "CyberDanube",
"summary": "reporting"
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "High"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "There exists a vulnerability in all REX 100 devices with firmware \u003c= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests.\n\nUpdate: 03.07.2024 3:30pm\u00a0\nIn section Reported by Sebastian Dietz (CyberDanube) was added.",
"title": "Summary"
},
{
"category": "description",
"text": "See CVE description.",
"title": "Impact"
},
{
"category": "description",
"text": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to latest version: 2.2.13",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@helmholz.de",
"name": "Helmholz GmbH \u0026 Co. KG",
"namespace": "https://www.helmholz.de"
},
"references": [
{
"category": "self",
"summary": "VDE-2024-032: Helmholz: REX 100 vulnerable to OS command injection - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-032/"
},
{
"category": "self",
"summary": "VDE-2024-032: Helmholz: REX 100 vulnerable to OS command injection - CSAF",
"url": "https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-032.json"
},
{
"category": "external",
"summary": "Helmholz PSIRT",
"url": "https://www.helmholz.de"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Helmholz GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/helmholz/"
}
],
"title": "Helmholz: REX 100 vulnerable to OS command injection",
"tracking": {
"aliases": [
"VDE-2024-032"
],
"current_release_date": "2024-07-03T13:33:00.000Z",
"generator": {
"date": "2025-06-16T07:19:51.738Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.27"
}
},
"id": "VDE-2024-032",
"initial_release_date": "2024-07-03T09:00:00.000Z",
"revision_history": [
{
"date": "2024-07-03T09:00:00.000Z",
"number": "1.0.0",
"summary": "Initial revision."
},
{
"date": "2024-07-03T13:33:00.000Z",
"number": "1.0.1",
"summary": "In section Reported by Sebastian Dietz (CyberDanube) was added."
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "REX 100",
"product": {
"name": "REX 100",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.2.11",
"product": {
"name": "Firmware \u003c=2.2.11",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2.2.13",
"product": {
"name": "Firmware 2.2.13",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Helmholz"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c=2.2.11 installed on REX 100",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2.2.13 installed on REX 100",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5672",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "A high privileged remote attacker can\u00a0execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001"
],
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
"product_ids": [
"CSAFPID-31001"
]
},
{
"category": "vendor_fix",
"details": "Update to latest version: 2.2.13",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.2,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 7.2,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2024-5672"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…