VDE-2026-013
April 7, 2026, 10:00 AM
Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.
VDE-2026-025
March 23, 2026, 1:00 PM
Multiple vulnerabilities have been discovered in Helmholz myREX24V2 / myREX24V2.virtual that could allow unauthenticated RCE or SQLi.
VDE-2025-069
July 31, 2025, 12:00 PM
An authenticated remote attacker can exploit an undocumented method to escape the LUA sandbox in REX200/250 devices, enabling the execution of arbitrary operating system commands and leading to full system …
VDE-2025-059
July 21, 2025, 12:00 PM
Multiple vulnerabilities in all REX 100 devices with firmware <= 2.3.2 that allow an attacker to gain full control over the device.
VDE-2025-038
June 24, 2025, 12:00 PM
Two vulnerabilities in myREX24/myREX24.virtual can lead to user enumeration an password bypass.
VDE-2025-037
June 24, 2025, 12:00 PM
The mb24api endpoint reachable when connected via VPN is missing authentication for sensitive functions. This can lead to information disclosure of user- and device names and to DoS.
VDE-2024-031
May 14, 2025, 3:00 PM
The data24 service that is bundled with every installation of myREX24 V2/myREX24.virtual has two serious flaws in core components. These combined can lead to a complete loss of confidentiality, integrity …
VDE-2024-069
March 6, 2026, 9:00 AM
Multiple vulnerabilities have been discovered in Helmholz products that could allow RCE or unauthorized file access. CVE-2024-45272 affects the myREX24V2 and myREX24V2.virtual products. CVE-2024-45273 affects the REX 200/REX 250, myREX24V2, …