A new wave of industrial cybersecurity concerns has emerged following the discovery of eight security vulnerabilities in the REX 100 routers developed by Helmholz, a Germany-based provider of industrial automation solutions.

These routers are used to enable remote access and management of industrial networks and are deployed globally across over 60 countries, including regions in North America, Europe, and Asia.

The vulnerabilities were detailed in a recent advisory published by Germany’s CERT@VDE, highlighting that three of the flaws are considered high severity. These specific weaknesses could allow authenticated attackers with elevated privileges to execute arbitrary commands on the device’s operating system.

The remaining five vulnerabilities, classified as medium severity, open the door to a range of attacks including:

• SQL injection
• Cross-site scripting (XSS)
• Denial of service (DoS) — including unauthenticated DoS scenarios

Patches Released: Firmware Update Now Available

Helmholz has responded by issuing a firmware update (v2.3.3) to address the vulnerabilities. Any systems running older versions of the firmware remain exposed and should be updated immediately.

Vulnerabilities Discovered by CyberDanube During Lab Research

The flaws were uncovered during cybersecurity lab sessions at an Austrian university, led by researchers from CyberDanube, a firm specialized in industrial cybersecurity.

Despite the CVSS ratings, CyberDanube suggests that some of these vulnerabilities could pose critical threats. According to Sebastian Dietz, lead researcher at CyberDanube, many of the attack vectors require authentication—but that’s not necessarily a barrier. The routers ship with default credentials, making them especially susceptible if those defaults remain unchanged.

Dietz also emphasized that several flaws enable attackers to execute arbitrary code with root privileges, potentially allowing them to disrupt operations, spy on sensitive data, or move laterally across connected systems.

A Risk Beyond the Device: Cloud Exposure

Beyond the device-level risks, CyberDanube flagged an additional concern: the persistent connection to Helmholz’s cloud environment. This cloud-based management platform offers centralized access and control of REX 100 devices.

If attackers manage to exploit vulnerabilities in the cloud infrastructure, they could potentially impact multiple customers at once—leading to what Dietz describes as “devastating consequences.”

CyberDanube has released a technical advisory including proof-of-concept (PoC) exploit code and deeper details for security teams and developers.

Takeaway for Industrial Operators

These findings underscore the importance of securing industrial networking hardware, not only through firmware updates but also by:

• Removing or changing default credentials
• Limiting access to cloud interfaces
• Continuously monitoring device behavior for anomalies

For organizations in manufacturing, energy, or critical infrastructure, the risks associated with industrial routers are no longer theoretical—they’re real and growing. Now more than ever, a proactive approach to cybersecurity is essential.

Source: https://www.securityweek.com/vulnerabilities-expose-helmholz-industrial-routers-to-hacking/