Helmholz: Multiple products are vulnerable to regreSSHion

VDE-2024-044

Last update

14.05.2025 14:28

Published at

31.07.2024 10:00

Vendor(s)

Helmholz GmbH & Co. KG

External ID

VDE-2024-044

CSAF Document

Download

Summary

Several Helmholz products are vulnerable to a possible race condition vulnerability in OpenSSH named "regreSSHion".

Impact

Possible full system compromise where an attacker can execute arbitrary code with the highest privileges.

Affected Product(s)

Model no.	Product name	Affected versions
	REX200	Firmware 8.0.0<8.2.0
	REX250	Firmware 8.0.0<8.2.0
	myREX24 V2	Firmware <2.16.1
	myREX24 V2 virtual	Firmware <2.16.1

Vulnerabilities

Expand / Collapse all

Published

22.09.2025 14:57

Severity

8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)

Summary

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

References

cve.org | nvd.nist.gov

Mitigation

Prevent all access to the sshd daemon listening on port 22.

Remediation

Update to latest firmware:

2.16.1 for myREX24 V2/myREX24 V2 virtual
8.2.0 for REX200/REX250

Revision History

Version	Date	Summary
1	31.07.2024 10:00	initial revision
2	14.05.2025 14:28	Fix: version space, added distribution

Helmholz: Multiple products are vulnerable to regreSSHion

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2024-6387 8.1

Mitigation

Remediation

Revision History