Article No° | Product Name | Affected Version(s) |
---|---|---|
 | myREX24 V2 | < 2.16.1 |
 | myREX24 V2 virtual | < 2.16.1 |
 | REX200 | 8.0.0 < 8.2.0 |
 | REX250 | 8.0.0 < 8.2.0 |

Several Helmholz products are vulnerable to a possible race condition in OpenSSH named "regreSSHion".
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). A race condition can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Possible full system compromise where an attacker can execute arbitrary code with the highest privileges.
Mitigation
Prevent all access to the sshd daemon listening on port 22.
Remediation
Update to latest firmware:
CERT@VDE coordinated with Helmholz
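
The following inventory triage is an added example, not part of the advisory or of any Helmholz tooling. It checks device records against the affected version ranges in the table above and against the port 22 mitigation. It assumes "8.0.0 < 8.2.0" means 8.0.0 <= version < 8.2.0; the record fields (`product`, `version`, `ssh_reachable`) and the sample inventory are constructed for illustration.

```python
import re

# Affected ranges transcribed from the advisory table: (min_inclusive, fixed_exclusive).
# Assumption: "8.0.0 < 8.2.0" is read as 8.0.0 <= version < 8.2.0.
AFFECTED = {
    "myREX24 V2": (None, (2, 16, 1)),
    "myREX24 V2 virtual": (None, (2, 16, 1)),
    "REX200": ((8, 0, 0), (8, 2, 0)),
    "REX250": ((8, 0, 0), (8, 2, 0)),
}

def parse_version(text):
    """Turn '8.1.3' or 'v2.16' into a 3-tuple of ints, padding missing parts with 0."""
    m = re.fullmatch(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def is_affected(product, version):
    """True if the product/version pair falls inside an affected range."""
    if product not in AFFECTED:
        return False
    low, fixed = AFFECTED[product]
    v = parse_version(version)
    return (low is None or v >= low) and v < fixed

def triage(device):
    """Classify one record; 'ssh_reachable' says whether port 22 can still be reached."""
    if device["product"] not in AFFECTED:
        return "NOT LISTED"
    try:
        affected = is_affected(device["product"], device["version"])
    except ValueError:
        return "CHECK MANUALLY"  # never treat an unreadable version as safe
    if not affected:
        return "OK"
    return "UPDATE + BLOCK PORT 22" if device["ssh_reachable"] else "MITIGATED, UPDATE PENDING"

# Constructed sample inventory (names and versions are made up).
INVENTORY = [
    {"name": "portal-1", "product": "myREX24 V2", "version": "2.15.4", "ssh_reachable": True},
    {"name": "router-a", "product": "REX250", "version": "8.1.0", "ssh_reachable": False},
    {"name": "router-b", "product": "REX200", "version": "8.2.0", "ssh_reachable": True},
    {"name": "router-c", "product": "REX200", "version": "beta", "ssh_reachable": True},
]

if __name__ == "__main__":
    for d in INVENTORY:
        print(f'{d["name"]:10} {d["product"]:20} {d["version"]:8} {triage(d)}')
```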