VDE-2024-044
Last update: 05/14/2025 14:28
Published at: 07/31/2024 10:00
Vendor(s): Helmholz GmbH & Co. KG
External ID: VDE-2024-044
Summary
Several Helmholz products are affected by a possible race condition vulnerability in OpenSSH known as "regreSSHion".
Impact
Possible full system compromise where an attacker can execute arbitrary code with the highest privileges.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| | REX200 | Firmware 8.0.0<8.2.0 |
| | REX250 | Firmware 8.0.0<8.2.0 |
| | myREX24 V2 | Firmware <2.16.1 |
| | myREX24 V2 virtual | Firmware <2.16.1 |
Vulnerabilities
Published: 09/24/2025 12:42
Weakness: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
Summary
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
                                                        Mitigation
Prevent all access to the sshd daemon listening on port 22.
Remediation
Update to the latest firmware:
- 2.16.1 for myREX24 V2/myREX24 V2 virtual
- 8.2.0 for REX200/REX250
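
The following Python example is added here and is not taken from the advisory or from Helmholz. It checks a device inventory against the affected ranges listed above and flags affected devices whose port 22 still accepts connections. It assumes "8.0.0<8.2.0" means 8.0.0 ≤ version < 8.2.0; the inventory, addresses and function names are constructed for illustration.

```python
import socket

# Affected ranges from the advisory table as (lowest affected, first fixed).
# Assumption: "8.0.0<8.2.0" is read as 8.0.0 <= version < 8.2.0.
AFFECTED = {
    "REX200": ((8, 0, 0), (8, 2, 0)),
    "REX250": ((8, 0, 0), (8, 2, 0)),
    "myREX24 V2": ((0, 0, 0), (2, 16, 1)),
    "myREX24 V2 virtual": ((0, 0, 0), (2, 16, 1)),
}

def parse_version(text):
    """'8.1' -> (8, 1, 0). Numeric tuples avoid the string trap '2.9' > '2.16'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected firmware version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(product, firmware):
    """True if this product/firmware pair falls in a range the advisory lists."""
    if product not in AFFECTED:
        return False
    lowest, fixed = AFFECTED[product]
    return lowest <= parse_version(firmware) < fixed

def ssh_reachable(host, port=22, timeout=2.0):
    """True if a TCP connection to the sshd port succeeds from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(inventory, probe=ssh_reachable):
    """Label each (host, product, firmware) entry for remediation planning."""
    report = []
    for host, product, firmware in inventory:
        if not is_affected(product, firmware):
            status = "not in affected range"
        elif probe(host):
            status = "affected, port 22 reachable: restrict access, then update"
        else:
            status = "affected, port 22 not reachable from here: update"
        report.append((host, product, firmware, status))
    return report

# Constructed sample inventory (documentation addresses, hypothetical devices).
SAMPLE = [("192.0.2.10", "REX200", "8.1.4"), ("192.0.2.11", "REX250", "8.2.0"),
          ("192.0.2.20", "myREX24 V2", "2.9.0")]
```

Calling `triage(SAMPLE)` probes each listed host from the machine running the script, so a "not reachable" result only describes that vantage point and does not replace the firmware update.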
 
Acknowledgments
Helmholz GmbH & Co. KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com)
 
Revision History
| Version | Date | Summary | 
|---|---|---|
| 1 | 07/31/2024 10:00 | initial revision | 
| 2 | 05/14/2025 14:28 | Fix: version space, added distribution |