VDE-2024-069

Vulnerability from csaf_helmholzgmbhcokg - Published: 2024-10-15 08:00 - Updated: 2026-03-06 08:00
Summary
Helmholz: Multiple Vulnerabilities in Helmholz products
Notes
Summary: Multiple vulnerabilities have been discovered in Helmholz products that could allow remote code execution (RCE) or unauthorized file access. CVE-2024-45272 affects myREX24V2 and myREX24V2.virtual. CVE-2024-45273 affects REX 200/REX 250, myREX24V2 and myREX24V2.virtual; the product status in the CSAF data below additionally lists the REX 300 (firmware <= 5.1.11) as affected with no fix available. CVE-2024-45275 affects the REX 300 (firmware <= 5.1.11), which is the only product listed for it in the product status, the CVSS score entry and the remediation of the CSAF data below.
Impact: CVE-2024-45272 allows brute-force attacks against remote credentials with a high probability of success. CVE-2024-45273 allows undetectable tampering with and manipulation of encrypted configuration files. CVE-2024-45275 allows remote code execution with system privileges, resulting in full compromise of the device.
Remediation: Update REX 200 / REX 250 to version 8.2.1. Update myREX24V2 and myREX24V2.virtual to version 2.16.3. Note: REX 300 is EOL and will not receive any further updates.
Disclaimer: Helmholz shall not be held responsible for any indirect, incidental, special, or consequential damages arising from the distribution or use of this document, or from any actions taken in reliance upon its contents. The information contained herein is provided by Helmholz in good faith and free of charge. To the extent permitted under applicable law, such information does not constitute any representation, warranty, guarantee, contractual commitment, or legal obligation on the part of Helmholz. Users remain solely responsible for evaluating the suitability and impact of the information on their specific systems or installations prior to implementation. If any adverse effects are identified, the information must not be applied.

The devices contain two hard-coded user accounts with hard-coded passwords that allow an unauthenticated remote attacker to take full control of the affected devices (CVSS 3.1 base score 9.8; vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

CWE-798 - Use of Hard-coded Credentials
Vendor Fix: Note: REX 300 is EOL and will not receive any further updates. Because the accounts are hard-coded and no firmware update will remove them, the remaining mitigations are to keep affected REX 300 units off any network that an untrusted party can reach and to plan their replacement.

An unauthenticated local attacker can decrypt the device's configuration file, and thereby compromise the device, because the encryption used is weakly implemented (CVSS 3.1 base score 8.4; the vector rates the attack vector as Local, so access to the configuration file is required).

CWE-261 - Weak Encoding for Password
Vendor Fix: Update REX 200 / REX 250 to version 8.2.1. Update myREX24V2 and myREX24V2.virtual to version 2.16.3. Note: REX 300 is EOL and will not receive any further updates.

An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in loss of the connection (CVSS 3.1 base score 7.5; the vector rates availability impact as High and confidentiality and integrity impact as None).

CWE-1391 - Use of Weak Credentials
Vendor Fix: Update myREX24V2 and myREX24V2.virtual to version 2.16.3.
Acknowledgments
CERT@VDE certvde.com
SySS GmbH Moritz Abrell www.syss.de
Marcel Rick-Cen

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Moritz Abrell"
        ],
        "organization": "SySS GmbH",
        "summary": "reporting",
        "urls": [
          "https://www.syss.de"
        ]
      },
      {
        "organization": "Marcel Rick-Cen",
        "summary": "reporting"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities have been discovered in Helmholz products that could allow RCE or unauthorized file access.\n\nCVE-2024-45272 affects the myREX24V2 and myREX24V2.virtual products.\n\nCVE-2024-45273 affects the REX 200/REX 250, myREX24V2, myREX24V2.virtual products.\n\nCVE-2024-45275 affects only the REX 200 / REX 250 products.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "CVE-2024-45272 allows brute-force attacks against remote credentials with a high probability of success.\n\nCVE-2024-45273 allows undetectable tampering and manipulation of encrypted configuration files.\n\nCVE-2024-45275 allow remote code execution with system privileges, resulting in full compromise of the device\n",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update REX 200 /REX 250 to the version 8.2.1\\\nUpdate myREX24V2, myREX24V2.virtual to the version 2.16.3\\\n**Note**: REX 300 is EOL and will not receive any further updates.",
        "title": "Remediation"
      },
      {
        "category": "legal_disclaimer",
        "text": "Helmholz shall not be held responsible for any indirect, incidental, special, or consequential damages arising from the distribution or use of this document, or from any actions taken in reliance upon its contents. The information contained herein is provided by Helmholz in good faith and free of charge. To the extent permitted under applicable law, such information does not constitute any representation, warranty, guarantee, contractual commitment, or legal obligation on the part of Helmholz. Users remain solely responsible for evaluating the suitability and impact of the information on their specific systems or installations prior to implementation. If any adverse effects are identified, the information must not be applied.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@helmholz.de",
      "name": "Helmholz GmbH \u0026 Co. KG",
      "namespace": "https://www.helmholz.de"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Helmholz",
        "url": "https://certvde.com/en/advisories/vendor/helmholz"
      },
      {
        "category": "self",
        "summary": "VDE-2024-069: Helmholz: Multiple Vulnerabilities in Helmholz products - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-069"
      },
      {
        "category": "self",
        "summary": "VDE-2024-069: Helmholz: Multiple Vulnerabilities in Helmholz products - CSAF",
        "url": "https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-069.json"
      }
    ],
    "title": "Helmholz: Multiple Vulnerabilities in Helmholz products",
    "tracking": {
      "aliases": [
        "VDE-2024-069",
        "SIM#2024-04"
      ],
      "current_release_date": "2026-03-06T08:00:00.000Z",
      "generator": {
        "date": "2026-03-06T07:48:10.147Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "VDE-2024-069",
      "initial_release_date": "2024-10-15T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-10-15T08:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        },
        {
          "date": "2024-11-06T11:27:01.000Z",
          "number": "2.0.0",
          "summary": "Fix: correct certvde domain, added self-reference"
        },
        {
          "date": "2025-05-14T12:28:19.000Z",
          "number": "3.0.0",
          "summary": "Fix: version space"
        },
        {
          "date": "2026-03-06T08:00:00.000Z",
          "number": "4.0.0",
          "summary": "Added CVE-2024-45275"
        }
      ],
      "status": "final",
      "version": "4.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_family",
                "name": "myREX24V2",
                "product": {
                  "name": "Helmholz myREX24V2",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:h:helmholz:myREX24V2:*:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "REX 300",
                "product": {
                  "name": "Helmholz REX 300",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "700-871-EDG01",
                      "700-871-EDG02",
                      "700-871-ISD01",
                      "700-871-ISD02",
                      "700-871-MDM01",
                      "700-871-MDM02",
                      "700-871-UMT02",
                      "700-872-EDG01",
                      "700-872-EDG02",
                      "700-872-ISD01",
                      "700-872-ISD02",
                      "700-872-MDM01",
                      "700-872-MDM02",
                      "700-872-UMT02"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "REX 200/REX 250",
                "product": {
                  "name": "Helmholz REX 200/ REX 250",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "700-877-WAN01",
                      "700-877-WAN02",
                      "700-877-LTE01",
                      "700-877-LTE02",
                      "700-877-LTE21",
                      "700-877-WIF01",
                      "700-877-WIF02",
                      "700-877-UMT01",
                      "700-878-WAN01",
                      "700-878-WAN02",
                      "700-878-LTE01",
                      "700-878-LTE02",
                      "700-878-LTE11",
                      "700-878-WIF01",
                      "700-878-WIF02",
                      "700-878-UMT01"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "myREX24V2.virtual",
                "product": {
                  "name": "Helmholz myREX24V2.virtual",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:h:helmholz:myREX24V2virtual:*:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:semver/\u003c=2.16.2",
                "product": {
                  "name": "Firmware \u003c=2.16.2",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/\u003c=5.1.11",
                "product": {
                  "name": "Firmware \u003c=5.1.11",
                  "product_id": "CSAFPID-21002"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:semver/\u003c=8.2.0",
                "product": {
                  "name": "Firmware \u003c=8.2.0",
                  "product_id": "CSAFPID-21003"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.1",
                "product": {
                  "name": "Firmware 8.2.1",
                  "product_id": "CSAFPID-22002",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:helmholz:firmware:8.2.1:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.16.3",
                "product": {
                  "name": "Firmware 2.16.3",
                  "product_id": "CSAFPID-22003",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:helmholz:firmware:2.16.3:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "2.16.2",
                "product": {
                  "name": "Firmware 2.16.2",
                  "product_id": "CSAFPID-21004",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:helmholz:firmware:2.16.2:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "5.1.11",
                "product": {
                  "name": "Firmware 5.1.11",
                  "product_id": "CSAFPID-21006",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:helmholz:firmware:5.1.11:*:*:*:*:*:*:*"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.2.0",
                "product": {
                  "name": "Firmware 8.2.0",
                  "product_id": "CSAFPID-21007",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:helmholz:firmware:8.2.0:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Helmholz GmbH \u0026 CO. KG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "summary": "Fixed products."
      },
      {
        "group_id": "CSAFGID-0003",
        "product_ids": [
          "CSAFPID-33002",
          "CSAFPID-33003",
          "CSAFPID-33001",
          "CSAFPID-33005"
        ],
        "summary": "Last affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=2.16.2 installed on Helmholz myREX24V2",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=2.16.2 installed on Helmholz myREX24V2.virtual",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=5.1.11 installed on Helmholz REX 300",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21002",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=8.2.0 installed on Helmholz REX 200 / REX 250",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21003",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.2.1 installed on Helmholz REX 200 / REX 250",
          "product_id": "CSAFPID-32002",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:firmware:8.2.1:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-22002",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.16.3 installed on Helmholz myREX24V2",
          "product_id": "CSAFPID-32003",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:firmware:2.16.3:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.16.3 installed on Helmholz myREX24V2.virtual",
          "product_id": "CSAFPID-32004",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:firmware:2.16.3:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-22003",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 5.1.11 installed on Helmholz REX 300",
          "product_id": "CSAFPID-33001",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:firmware:5.1.11:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21006",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.16.2 installed on Helmholz myREX24V2",
          "product_id": "CSAFPID-33002",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:firmware:2.16.2:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.16.2 installed on Helmholz myREX24V2.virtual",
          "product_id": "CSAFPID-33003",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:firmware:2.16.2:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21004",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 8.2.0 installed on Helmholz REX 200 / REX 250",
          "product_id": "CSAFPID-33005",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:firmware:8.2.0:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21007",
        "relates_to_product_reference": "CSAFPID-11003"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45275",
      "cwe": {
        "id": "CWE-798",
        "name": "Use of Hard-coded Credentials"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "The devices contain two hard coded user accounts with hardcoded passwords that allow an unauthenticated remote attacker for full control of the affected devices.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31003"
        ],
        "last_affected": [
          "CSAFPID-33001"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "**Note**: REX 300 is EOL and will not receive any further updates.",
          "group_ids": [
            "CSAFGID-0001",
            "CSAFGID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31003",
            "CSAFPID-33001"
          ]
        }
      ],
      "title": "CVE-2024-45275"
    },
    {
      "cve": "CVE-2024-45273",
      "cwe": {
        "id": "CWE-261",
        "name": "Weak Encoding for Password"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004"
        ],
        "last_affected": [
          "CSAFPID-33002",
          "CSAFPID-33003",
          "CSAFPID-33001",
          "CSAFPID-33005"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update REX 200 / REX 250 to the version 8.2.1\\\nUpdate myREX24V2, myREX24V2.virtual to the version 2.16.3\\\n**Note**: REX 300 is EOL and will not receive any further updates.",
          "group_ids": [
            "CSAFGID-0001",
            "CSAFGID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.4,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-33002",
            "CSAFPID-33003",
            "CSAFPID-33001",
            "CSAFPID-33005"
          ]
        }
      ],
      "title": "CVE-2024-45273"
    },
    {
      "cve": "CVE-2024-45272",
      "cwe": {
        "id": "CWE-1391",
        "name": "Use of Weak Credentials"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002"
        ],
        "last_affected": [
          "CSAFPID-33002",
          "CSAFPID-33003"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update myREX24V2, myREX24V2.virtual to the version 2.16.3",
          "group_ids": [
            "CSAFGID-0001",
            "CSAFGID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-33002",
            "CSAFPID-33003"
          ]
        }
      ],
      "title": "CVE-2024-45272"
    }
  ]
}
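To turn the structured part of this advisory into an inventory check, here is an added Python example; it is not part of the advisory and not Helmholz or CERT@VDE tooling. It embeds a constructed, trimmed subset of the CSAF product tree and vulnerabilities above, resolves each `installed_on` relationship back to a device and a firmware range, and reports the CSAF product status plus vendor fix for a given device and firmware version. The `vers:semver` handling covers single-constraint ranges only (the `<=` form this advisory uses, plus the other comparison operators); the device names and versions at the bottom are assumed inventory entries. To run it against the published document, `json.load()` the CSAF file from the references and pass that dict in place of `ADVISORY`.

```python
"""Check a firmware inventory against a CSAF 2.0 advisory's product_status.

Added example; not part of the advisory. ADVISORY is a constructed, trimmed
subset of VDE-2024-069 so the script runs offline.
"""
import re

ADVISORY = {
    "product_tree": {
        "branches": [{"category": "vendor", "name": "Helmholz GmbH & CO. KG", "branches": [
            {"category": "product_family", "name": "Hardware", "branches": [
                {"category": "product_family", "name": "myREX24V2",
                 "product": {"name": "Helmholz myREX24V2", "product_id": "CSAFPID-11001"}},
                {"category": "product_name", "name": "REX 300",
                 "product": {"name": "Helmholz REX 300", "product_id": "CSAFPID-11002"}}]},
            {"category": "product_family", "name": "Firmware", "branches": [
                {"category": "product_version_range", "name": "vers:semver/<=2.16.2",
                 "product": {"name": "Firmware <=2.16.2", "product_id": "CSAFPID-21001"}},
                {"category": "product_version_range", "name": "vers:semver/<=5.1.11",
                 "product": {"name": "Firmware <=5.1.11", "product_id": "CSAFPID-21002"}},
                {"category": "product_version", "name": "2.16.3",
                 "product": {"name": "Firmware 2.16.3", "product_id": "CSAFPID-22003"}}]}]}],
        "relationships": [
            {"category": "installed_on", "product_reference": "CSAFPID-21001",
             "relates_to_product_reference": "CSAFPID-11001",
             "full_product_name": {"name": "Firmware <=2.16.2 on myREX24V2", "product_id": "CSAFPID-31001"}},
            {"category": "installed_on", "product_reference": "CSAFPID-22003",
             "relates_to_product_reference": "CSAFPID-11001",
             "full_product_name": {"name": "Firmware 2.16.3 on myREX24V2", "product_id": "CSAFPID-32003"}},
            {"category": "installed_on", "product_reference": "CSAFPID-21002",
             "relates_to_product_reference": "CSAFPID-11002",
             "full_product_name": {"name": "Firmware <=5.1.11 on REX 300", "product_id": "CSAFPID-31003"}}],
    },
    "vulnerabilities": [
        {"cve": "CVE-2024-45272",
         "product_status": {"fixed": ["CSAFPID-32003"], "known_affected": ["CSAFPID-31001"]},
         "remediations": [{"category": "vendor_fix",
                           "details": "Update myREX24V2, myREX24V2.virtual to the version 2.16.3"}]},
        {"cve": "CVE-2024-45275",
         "product_status": {"known_affected": ["CSAFPID-31003"]},
         "remediations": [{"category": "vendor_fix",
                           "details": "**Note**: REX 300 is EOL and will not receive any further updates."}]},
    ],
}

def _leaves(branches, out):
    """Flatten product_tree branches into {product_id: branch name}."""
    for b in branches:
        if "product" in b:
            out[b["product"]["product_id"]] = b["name"]
        _leaves(b.get("branches", []), out)
    return out

def _vtuple(version):
    """'2.16.2' -> (2, 16, 2) so versions compare numerically, not as strings."""
    return tuple(int(x) for x in re.findall(r"\d+", version))

def version_matches(spec, version):
    """spec is a firmware branch name: 'vers:semver/<=2.16.2' (range) or '2.16.3' (exact).
    Only a single comparison constraint is supported; that is all this advisory uses."""
    m = re.fullmatch(r"vers:\w+/(<=|>=|<|>|=)?(.+)", spec)
    if m is None:
        return _vtuple(spec) == _vtuple(version)
    op, bound, v = m.group(1) or "=", _vtuple(m.group(2)), _vtuple(version)
    return {"<=": v <= bound, "<": v < bound, ">=": v >= bound, ">": v > bound, "=": v == bound}[op]

def status_for(csaf, device, version):
    """Return {cve: {"status": set of CSAF statuses, "vendor_fix": text}} for one device."""
    names = _leaves(csaf["product_tree"]["branches"], {})
    # relationship product_id -> (device branch name, firmware branch name)
    combos = {r["full_product_name"]["product_id"]:
              (names[r["relates_to_product_reference"]], names[r["product_reference"]])
              for r in csaf["product_tree"].get("relationships", [])}
    result = {}
    for vuln in csaf["vulnerabilities"]:
        fix = next((r["details"] for r in vuln.get("remediations", [])
                    if r["category"] == "vendor_fix"), None)
        for status, ids in vuln["product_status"].items():
            for pid in ids:
                hw, fw = combos[pid]
                if hw == device and version_matches(fw, version):
                    entry = result.setdefault(vuln["cve"], {"status": set(), "vendor_fix": fix})
                    entry["status"].add(status)   # a version can hit known_affected and last_affected
    return result

if __name__ == "__main__":
    # Constructed inventory entries, not real devices.
    for device, fw in [("myREX24V2", "2.16.2"), ("myREX24V2", "2.16.3"), ("REX 300", "5.1.11")]:
        print(device, fw, status_for(ADVISORY, device, fw))
```

A status set rather than a single value is returned on purpose: in the full document a device on exactly 2.16.2 matches both the `<=2.16.2` range (`known_affected`) and the explicit 2.16.2 entry (`last_affected`), and collapsing that to one label would hide the more specific one. A version newer than every listed range returns an empty result, which means "not mentioned", not "fixed"; only an explicit `fixed` status should be read as patched.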

