Helmholz: Use of a Broken or Risky Cryptographic Algorithm

VDE-2026-015

Last update

04/21/2026 14:00

Published at

04/21/2026 12:00

Vendor(s)

Helmholz GmbH & Co. KG

External ID

VDE-2026-015

CSAF Document

Download

Summary

Vulnerabilities in WALL IE devices with firmware <= V1.10.210 that allow an attacker to gain control over the device.

Impact

Full control over the device is possible if attacker exchanges traffic over a longer time. For details see CVE description.

Affected Product(s)

Model no.	Product name	Affected versions
700-860-WAL01	WALl IE Standard 4-Port	Firmware <=1.10.210, Firmware 1.10.210

Vulnerabilities

Expand / Collapse all

Published

04/21/2026 17:40

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness

Use of a Broken or Risky Cryptographic Algorithm (CWE-327)

Summary

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

References

cve.org | nvd.nist.gov

Remediation

Update to latest version: 1.10.232

Acknowledgments

Helmholz GmbH & Co. KG thanks the following parties for their efforts:

CERT@VDE for coordination (see https://certvde.com )
BMW from BMW Manufacturing Co., LLC for reporting (see https://www.bmwusfactory.com )

Revision History

Version	Date	Summary
1.0.0	04/21/2026 12:00	Initial revision.
1.0.1	04/21/2026 14:00	fixed release date

Helmholz: Use of a Broken or Risky Cryptographic Algorithm

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2016-2183 7.5

Remediation

Acknowledgments

Revision History