VDE-2024-032

Vulnerability from csaf_helmholzgmbhcokg - Published: 2024-07-03 09:00 - Updated: 2024-07-03 13:33
Summary
Helmholz: REX 100 vulnerable to OS command injection
Severity
High
Notes
Summary: All REX 100 devices with firmware <= 2.2.11 contain a vulnerability that allows an authenticated attacker to execute arbitrary system commands via GET requests. Update (03.07.2024, 3:30pm): Sebastian Dietz (CyberDanube) was added to the "Reported by" section.
Impact: See the CVE description below (CVE-2024-5672).
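Mitigation: Exploitation requires an authenticated session, so the risk can be reduced by making sure that no malicious actor can log in to a vulnerable device, for example by restricting who can reach the device's login interface and by using strong, unique credentials.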
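Remediation: Update the firmware to the latest version, 2.2.13. The advisory lists firmware <= 2.2.11 as affected and 2.2.13 as fixed; it does not state the status of any version in between.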

A remote attacker with high privileges can execute arbitrary system commands via GET requests because special elements used in an OS command are not properly neutralized.

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Mitigation: As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can log in to a vulnerable device.
Vendor Fix: Update to the latest version, 2.2.13.
Acknowledgments
CERT@VDE certvde.com
CyberDanube Sebastian Dietz

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Sebastian Dietz"
        ],
        "organization": "CyberDanube",
        "summary": "reporting"
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "There exists a vulnerability in all REX 100 devices with firmware \u003c= 2.2.11 that allows an authenticated attacker to execute arbitrary system commands via GET requests.\n\nUpdate: 03.07.2024 3:30pm\u00a0\nIn section Reported by Sebastian Dietz (CyberDanube) was added.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "See CVE description.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Update to latest version: 2.2.13",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@helmholz.de",
      "name": "Helmholz GmbH \u0026 Co. KG",
      "namespace": "https://www.helmholz.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2024-032: Helmholz: REX 100 vulnerable to OS command injection - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2024-032/"
      },
      {
        "category": "self",
        "summary": "VDE-2024-032: Helmholz: REX 100 vulnerable to OS command injection - CSAF",
        "url": "https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-032.json"
      },
      {
        "category": "external",
        "summary": "Helmholz PSIRT",
        "url": "https://www.helmholz.de"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Helmholz GmbH \u0026 Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/helmholz/"
      }
    ],
    "title": "Helmholz: REX 100 vulnerable to OS command injection",
    "tracking": {
      "aliases": [
        "VDE-2024-032"
      ],
      "current_release_date": "2024-07-03T13:33:00.000Z",
      "generator": {
        "date": "2025-06-16T07:19:51.738Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.27"
        }
      },
      "id": "VDE-2024-032",
      "initial_release_date": "2024-07-03T09:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-07-03T09:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        },
        {
          "date": "2024-07-03T13:33:00.000Z",
          "number": "1.0.1",
          "summary": "In section Reported by Sebastian Dietz (CyberDanube) was added."
        }
      ],
      "status": "final",
      "version": "1.0.1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "REX 100",
                "product": {
                  "name": "REX 100",
                  "product_id": "CSAFPID-11001"
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=2.2.11",
                "product": {
                  "name": "Firmware \u003c=2.2.11",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "2.2.13",
                "product": {
                  "name": "Firmware 2.2.13",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Helmholz"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware \u003c=2.2.11 installed on REX 100",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 2.2.13 installed on REX 100",
          "product_id": "CSAFPID-32001"
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-5672",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A high privileged remote attacker can\u00a0execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "As this is an authenticated exploit, you can mitigate it by making sure that no malicious actor can login to a vulnerable device.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to latest version: 2.2.13",
          "product_ids": [
            "CSAFPID-31001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.2,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2024-5672"
    }
  ]
}

