Industrial connectivity specialist Helmholz GmbH & Co. KG has issued an urgent security advisory regarding multiple vulnerabilities discovered in its myREX24V2 and myREX24V2.virtual remote access solutions. These flaws could allow unauthenticated attackers to execute code remotely or gain deep access to the system’s underlying database, potentially compromising the entire industrial monitoring infrastructure.
The most severe vulnerability, tracked as CVE-2026-32968, has been assigned a CVSS score of 9.8, marking it as a critical threat to industrial environments.
The critical flaw is located within the com_mb24sysapi module of the myREX24V2 firmware. This vulnerability is a result of “improper neutralisation of special elements used in an OS command,” which creates a pathway for an unauthenticated remote attacker to trigger Remote Code Execution (RCE).
“CVE-2026-32968 allows unauthenticated RCE resulting in full system compromise impacting confidentiality, integrity, and availability,” the advisory warns. Interestingly, researchers noted that this specific vulnerability is a “variant attack for CVE-2020-10383,” suggesting that previous patch attempts for similar issues may have been bypassed by new exploitation techniques.
In addition to the RCE threat, Helmholz identified a secondary high-severity flaw, CVE-2026-32969, with a CVSS score of 7.5. This is a “Pre-Auth blind SQL Injection vulnerability” found in the authentication method of the userinfo endpoint.
The bug arises from the “improper neutralization of special elements in a SQL SELECT command”. If exploited, an unauthenticated attacker could gain “arbitrary read access to the complete database,” leading to a “total loss of confidentiality” for user data and system configurations.
The vulnerabilities impact both the physical and virtual versions of the Helmholz remote access gateway:
- Helmholz myREX24V2: Firmware version 2.19.3 and all versions prior.
- myREX24V2.virtual: Firmware version 2.19.3 and all versions prior.
Because these vulnerabilities can be exploited without any prior authentication, they represent a significant risk to the “confidentiality, integrity, and availability” of the devices and the networks they manage.
Helmholz has released updated firmware to address these vulnerabilities. System administrators and plant engineers are strongly urged to review their current firmware versions and apply the latest patches immediately to ensure their remote access gateways remain a bridge to productivity rather than a backdoor for attackers.