Helmholz REX100 Industrial Routers Found Vulnerable to Critical Security Exploits

Summary: CERT@VDE has released a security advisory detailing multiple critical vulnerabilities in Helmholz REX100 industrial routers that could lead to unauthorized access and remote code execution. Organizations using these routers are urged to update to the latest firmware to mitigate these risks.

Threat Actor: Unauthenticated remote attackers
Victim: Helmholz REX100 users

Key Points:

  • Multiple vulnerabilities were identified, including CVE-2024-45274 and CVE-2024-45275, both with a CVSS score of 9.8, which allow remote code execution and exploitation via hardcoded passwords.
  • Inadequate input validation and weak encryption further expose the device to unauthorized access and data breaches.
  • Organizations are advised to update to firmware version 2.3.1 to address these vulnerabilities and protect their operational technology environments.

CERT@VDE has issued a security advisory disclosing multiple vulnerabilities in Helmholz REX100 industrial routers, potentially allowing unauthorized access and remote code execution.

The Helmholz REX100, an industrial Ethernet router designed to facilitate secure remote access to industrial equipment, has been found to contain several critical vulnerabilities. These security flaws pose a significant risk to organizations utilizing the REX100 for managing and monitoring their operational technology (OT) environments.

Vulnerability Overview:

The identified vulnerabilities include:

  • CVE-2024-45274 (CVSS 9.8): This critical vulnerability allows unauthenticated remote attackers to execute arbitrary OS commands on the device via UDP due to a lack of authentication mechanisms.
  • CVE-2024-45275 (CVSS 9.8): The presence of hardcoded user accounts with default passwords in the REX100 further exacerbates the risk, providing attackers with an easy path to compromise the device.
  • CVE-2024-45271 (CVSS 8.4): An unauthenticated local attacker can exploit this vulnerability to gain administrative privileges by deploying a specially crafted configuration file, highlighting inadequate input validation.
  • CVE-2024-45273 (CVSS 8.4): A weak encryption implementation allows unauthorized decryption of the device’s configuration files, potentially exposing sensitive information and enabling further attacks.
  • CVE-2024-45276 (CVSS 7.5): This vulnerability allows unauthenticated remote attackers to gain read access to files stored in the “/tmp” directory, potentially leading to the exposure of sensitive data.

Impact and Remediation:

Successful exploitation of these vulnerabilities could have severe consequences for affected organizations, including:

  • Complete compromise of the REX100 and connected industrial equipment.
  • Unauthorized access to sensitive operational data and configuration files.
  • Disruption of critical industrial processes, leading to potential downtime and financial losses.

Helmholz has addressed these vulnerabilities in firmware version 2.3.1. CERT@VDE strongly recommends that all users of the REX100 immediately update their devices to this version to mitigate the identified security risks.

The vulnerabilities were reported to CERT@VDE by Moritz Abrell of SySS GmbH, in coordination with Helmholz.

Source: https://securityonline.info/helmholz-rex100-industrial-routers-found-vulnerable-to-critical-security-exploits