VDE-2024-066

Vulnerability from csaf_helmholzgmbhcokg - Published: 2024-10-15 08:00 - Updated: 2025-08-27 10:00
Summary
Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product
Notes
Summary: Multiple vulnerabilities have been discovered in REX100 allowing for RCE or unauthorized file access.
Impact: CVE-2024-45271, CVE-2024-45274 and CVE-2024-45275 allow remote code execution with system privileges, resulting in full compromise of the device. CVE-2024-45273 allows undetectable tampering and manipulation of encrypted configuration files. CVE-2024-45276 allows unauthenticated access to potentially sensitive files.
Remediation: Update REX100 to the version 2.3.1

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.

CWE-306 - Missing Authentication for Critical Function
Vendor Fix Update REX100 to the version 2.3.1

The devices contain two hard-coded user accounts with hard-coded passwords that allow an unauthenticated remote attacker to take full control of the affected devices.

CWE-798 - Use of Hard-coded Credentials
Vendor Fix Update REX100 to the version 2.3.1

An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.

CWE-94 - Improper Control of Generation of Code ('Code Injection')
Vendor Fix Update REX100 to the version 2.3.1

An unauthenticated local attacker can decrypt the device's config file and therefore compromise the device due to a weak implementation of the encryption used.

CWE-261 - Weak Encoding for Password
Vendor Fix Update REX100 to the version 2.3.1

An unauthenticated remote attacker can get read access to files in the "/tmp" directory due to missing authentication.

CWE-552 - Files or Directories Accessible to External Parties
Vendor Fix Update REX100 to the version 2.3.1
Acknowledgments
CERT@VDE certvde.com
SySS GmbH Moritz Abrell www.syss.de

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Moritz Abrell"
        ],
        "organization": "SySS GmbH",
        "summary": "reporting",
        "urls": [
          "https://www.syss.de"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities have been discovered in REX100 allowing for RCE or unauthorized file access.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "CVE-2024-45271, CVE-2024-45274 and CVE-2024-45275 allow remote code execution with system privileges, resulting in full compromise of the device.\n\nCVE-2024-45273 allows undetectable tampering and manipulation of encrypted configuration files.\n\nCVE-2024-45276 allows unauthenticated access to potential sensitive files.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update REX100 to the version 2.3.1",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@helmholz.de",
      "name": "Helmholz GmbH \u0026 Co. KG",
      "namespace": "https://www.helmholz.de"
    },
    "references": [
      {
        "category": "external",
        "summary": "Product security incident reports",
        "url": "https://helmholz.com/security-advice"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Helmholz",
        "url": "https://certvde.com/en/advisories/vendor/helmholz"
      },
      {
        "category": "self",
        "summary": "VDE-2024-066: Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-066"
      },
      {
        "category": "self",
        "summary": "VDE-2024-066: Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product - CSAF",
        "url": "https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-066.json"
      }
    ],
    "title": "Helmholz: Multiple Vulnerabilities in Helmholz REX100 Product",
    "tracking": {
      "aliases": [
        "VDE-2024-066"
      ],
      "current_release_date": "2025-08-27T10:00:00.000Z",
      "generator": {
        "date": "2025-08-28T07:38:09.433Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.34"
        }
      },
      "id": "VDE-2024-066",
      "initial_release_date": "2024-10-15T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-10-15T08:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "1.0.1",
          "summary": "Fix: correct certvde domain, added self-reference"
        },
        {
          "date": "2025-03-12T13:30:00.000Z",
          "number": "1.0.2",
          "summary": "removed spaces around version operators"
        },
        {
          "date": "2025-08-27T10:00:00.000Z",
          "number": "1.1.2",
          "summary": "Update: CWE from CVE-2024-45271, Revision History"
        }
      ],
      "status": "final",
      "version": "1.1.2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "REX100",
                "product": {
                  "name": "Helmholz REX100",
                  "product_id": "CSAFPID-11004"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=2.2.13",
                "product": {
                  "name": "Firmware \u003c=2.2.13",
                  "product_id": "CSAFPID-21004"
                }
              },
              {
                "category": "product_version",
                "name": "2.3.1",
                "product": {
                  "name": "Firmware 2.3.1",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Helmholz"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=2.2.13 installed on Helmholz REX100",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.3.1 installed on Helmholz REX100",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11004"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45274",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31005"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update REX100 to the version 2.3.1",
          "product_ids": [
            "CSAFPID-31005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31005"
          ]
        }
      ],
      "title": "CVE-2024-45274"
    },
    {
      "cve": "CVE-2024-45275",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31005"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update REX100 to the version 2.3.1",
          "product_ids": [
            "CSAFPID-31005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31005"
          ]
        }
      ],
      "title": "CVE-2024-45275"
    },
    {
      "cve": "CVE-2024-45271",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31005"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update REX100 to the version 2.3.1",
          "product_ids": [
            "CSAFPID-31005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.4,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31005"
          ]
        }
      ],
      "title": "CVE-2024-45271"
    },
    {
      "cve": "CVE-2024-45273",
      "cwe": {
        "id": "CWE-261",
        "name": "Weak Encoding for Password"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31005"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update REX100 to the version 2.3.1",
          "product_ids": [
            "CSAFPID-31005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.4,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31005"
          ]
        }
      ],
      "title": "CVE-2024-45273"
    },
    {
      "cve": "CVE-2024-45276",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An unauthenticated remote attacker can get read access to files in the \"/tmp\" directory due to missing authentication.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31005"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update REX100 to the version 2.3.1",
          "product_ids": [
            "CSAFPID-31005"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31005"
          ]
        }
      ],
      "title": "CVE-2024-45276"
    }
  ]
}

