Helmholz REX100 Industrial Routers Affected by Critical Security Vulnerabilities
CERT@VDE has issued a security advisory disclosing multiple vulnerabilities in Helmholz REX100 industrial routers, potentially allowing unauthorized access and remote code execution.
The Helmholz REX100, an industrial Ethernet router designed to facilitate secure remote access to industrial equipment, has been found to contain several critical vulnerabilities. These security flaws pose a significant risk to organizations utilizing the REX100 for managing and monitoring their operational technology (OT) environments.
Vulnerability Overview:
The identified vulnerabilities include:
- CVE-2024-45274 (CVSS 9.8): This critical vulnerability allows unauthenticated remote attackers to execute arbitrary OS commands on the device via UDP due to a lack of authentication mechanisms.
- CVE-2024-45275 (CVSS 9.8): The presence of hardcoded user accounts with default passwords in the REX100 further exacerbates the risk, providing attackers with an easy path to compromise the device.
- CVE-2024-45271 (CVSS 8.4): An unauthenticated local attacker can exploit this vulnerability to gain administrative privileges by deploying a specially crafted configuration file, highlighting inadequate input validation.
- CVE-2024-45273 (CVSS 8.4): A weak encryption implementation allows unauthorized decryption of the device’s configuration files, potentially exposing sensitive information and enabling further attacks.
- CVE-2024-45276 (CVSS 7.5): This vulnerability allows unauthenticated remote attackers to gain read access to files stored in the “/tmp” directory, potentially leading to the exposure of sensitive data.
Impact and Remediation:
Successful exploitation of these vulnerabilities could have severe consequences for affected organizations, including:
- Complete compromise of the REX100 and connected industrial equipment.
- Unauthorized access to sensitive operational data and configuration files.
- Disruption of critical industrial processes, leading to potential downtime and financial losses.
Helmholz has addressed these vulnerabilities in firmware version 2.3.1. CERT@VDE strongly recommends that all users of the REX100 immediately update their devices to this version to mitigate the identified security risks.
The vulnerabilities were reported to CERT@VDE by Moritz Abrell of SySS GmbH, in coordination with Helmholz.