Several potentially serious vulnerabilities were recently found and patched in routers made by Germany-based industrial and automation solutions provider Helmholz.
The existence of the security holes came to light last week, when Germany’s CERT@VDE published an advisory describing eight vulnerabilities discovered in Helmholz’s REX 100 router, which enables organizations to remotely access and manage industrial networks.
Helmholz routers are used worldwide, distributed through a network of partners across 60 countries, including in North America, Europe and Asia.
According to CERT@VDE’s advisory, three of the vulnerabilities have a ‘high severity’ rating, all of them allowing an attacker with high privileges to execute arbitrary OS commands using specially crafted requests.
The remaining issues, classified as ‘medium severity’, can be exploited for SQL injection, XSS, and DoS attacks (including unauthenticated DoS).
The vendor has patched the vulnerabilities with the release of firmware version 2.3.3 for REX 100 routers. Prior firmware versions are impacted.
The vulnerabilities were discovered during lab exercises organized at an Austrian university by industrial cybersecurity company CyberDanube, which, despite their official CVSS scores, believes some of the flaws are critical.
CyberDanube’s Sebastian Dietz told SecurityWeek that while a majority of the REX 100 vulnerabilities require authentication for exploitation, the devices have default credentials that could allow an attacker to overcome this requirement.
Dietz explained that some of the flaws can allow an attacker to execute arbitrary code on the targeted device as root, enabling them to cause disruption, intercept communications, or pivot to other systems on the network.
Another potential security risk flagged by CyberDanube is related to the fact the industrial router is permanently connected to the vendor’s cloud environment, which enables users to manage and configure devices on an industrial network through a web interface.
If attackers were to find vulnerabilities in the implementation of this cloud system, they may be able to reach other customers’ devices, which could have ‘devastating’ consequences, Dietz speculated.
CyberDanube has published its own advisory for the vulnerabilities, including technical details and PoC exploit code.
Learn More at SecurityWeek’s ICS Cybersecurity Conference
The leading global conference series for Operations, Control Systems and OT/IT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.
October 27-30, 2025 | Atlanta
www.icscybersecurityconference.com
Related: Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks
Related: Four-Faith Industrial Router Vulnerability Exploited in Attacks
Related: Train Brakes Can Be Hacked Over Radio—And the Industry Knew for 20 Years
