Helmholz: Cross-site Scripting vulnerability in REX 200/REX 250

VDE-2023-029
Last update
17.08.2023 14:00
Published at
17.08.2023 14:00
Vendor(s)
Helmholz GmbH & Co. KG
External ID
VDE-2023-029
CSAF Document

Summary

A stored XSS vulnerability has been found in REX 200 and REX 250 in all versions before 7.3.2.

Impact

A remote, authenticated attacker can fully compromise the browser session of all users accessing the device's web interface.

Affected Product(s)

Model no. Product name Affected versions
REX 200 Firmware <7.3.2
REX 250 Firmware <7.3.2

Vulnerabilities

Published
22.09.2025 14:58
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower than 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).

References

Remediation

Update to 7.3.2

Revision History

Version Date Summary
1 17.08.2023 14:00 Initial revision.