Helmholz: Multiple vulnerabilites in myREX24 and myREX24.virtual

VDE-2023-008

Last update

05/15/2023 14:06

Published at

05/15/2023 14:06

Vendor(s)

Helmholz GmbH & Co. KG

External ID

VDE-2023-008

CSAF Document

Download

Summary

Two vulnerabilites have been discovered in myREX24 and myREX24.virtual in all versions through 2.13.3.

Impact

Please consult the CVE Entries.

Affected Product(s)

Model no.	Product name	Affected versions
	myREX24 <=2.13.3	myREX24 <=2.13.3
	myREX24.virtual <=2.13.3	myREX24.virtual <=2.13.3

Vulnerabilities

Expand / Collapse all

Published

09/22/2025 14:58

Severity

8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Authorization Bypass Through User-Controlled Key (CWE-639)

References

cve.org | nvd.nist.gov

Published

09/22/2025 14:58

Severity

4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

References

cve.org | nvd.nist.gov

Mitigation

Mitigation for CVE-2023-0985:
If you have MFA enabled on the admin user, the password will still be set, but the attacker will be unable to login as the MFA is still in place.

Remediation

Update to latest Version: 2.13.4

Revision History

Version	Date	Summary
1	05/15/2023 14:06	Initial revision.