{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "BMW"
        ],
        "organization": "BMW Manufacturing Co., LLC",
        "summary": "reporting",
        "urls": [
          "https://www.bmwusfactory.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "High"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "general",
        "text": "As part of a comprehensive cybersecurity strategy, Helmholz recommends implementing the following defense-in-depth measures to reduce the risk of exploitation:\n- Deploy Helmholz devices exclusively in protected industrial network environments and minimize direct exposure to untrusted networks.\n-  Segregate the automation and control network from other networks using appropriate network segmentation concepts and industrial firewalls.\n- Use secure remote access mechanisms, such as VPN (Virtual Private Network) connections with strong authentication, when remote maintenance or access is required.\n- Enable and consistently enforce user authentication, role-based access control, and strong password policies where supported.\n- Use encrypted communication protocols where available and technically feasible.\n- Restrict physical and logical access to automation components, engineering stations, and control systems using appropriate organizational and technical measures.\n- Ensure systems are protected with up-to-date security mechanisms, including endpoint protection solutions where applicable, and maintain current firmware and software versions.\n- Helmholz strongly recommends minimizing network exposure of connected industrial devices and implementing state-of-the-art technical and organizational security measures in accordance with recognized standards such as IEC 62443.\n\nFor secure installation, configuration, and operation, always follow the security guidelines and recommendations provided in the respective product documentation.",
        "title": "General Recommendation"
      },
      {
        "category": "summary",
        "text": "Vulnerabilities in PROFINET-Switch devices with firmware <= V1.12.010 that allow an attacker to gain control over the device.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Full control over the device is possible if an attacker exchanges traffic over a longer period of time. For details, see the CVE description.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Update to the latest version: 1.12.100",
        "title": "Remediation"
      },
      {
        "category": "legal_disclaimer",
        "text": "Helmholz shall not be held responsible for any indirect, incidental, special, or consequential damages arising from the distribution or use of this document, or from any actions taken in reliance upon its contents. The information contained herein is provided by Helmholz in good faith and free of charge. To the extent permitted under applicable law, such information does not constitute any representation, warranty, guarantee, contractual commitment, or legal obligation on the part of Helmholz. Users remain solely responsible for evaluating the suitability and impact of the information on their specific systems or installations prior to implementation. If any adverse effects are identified, the information must not be applied.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@helmholz.de",
      "name": "Helmholz GmbH & Co. KG",
      "namespace": "https://www.helmholz.de"
    },
    "references": [
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Helmholz GmbH & Co. KG",
        "url": "https://certvde.com/en/advisories/vendor/helmholz/"
      },
      {
        "category": "self",
        "summary": "VDE-2026-013: Helmholz: Use of a Broken or Risky Cryptographic Algorithm - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-013"
      },
      {
        "category": "self",
        "summary": "VDE-2026-013: Helmholz: Use of a Broken or Risky Cryptographic Algorithm - CSAF",
        "url": "https://helmholz.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-013.json"
      },
      {
        "category": "external",
        "summary": "Helmholz PSIRT",
        "url": "https://www.helmholz.de/service-support/service/security-psirt/"
      }
    ],
    "title": "Helmholz: Use of a Broken or Risky Cryptographic Algorithm",
    "tracking": {
      "aliases": [
        "VDE-2026-013"
      ],
      "current_release_date": "2026-04-07T08:00:00.000Z",
      "generator": {
        "date": "2026-04-02T07:00:41.603Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "VDE-2026-013",
      "initial_release_date": "2026-04-07T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-04-07T08:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "FLEXtra FLAT PROFINET-Switch 4-Port",
                "product": {
                  "name": "FLEXtra FLAT PROFINET-Switch 4-Port",
                  "product_id": "CSAFPID-11011",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:h:helmholz:flextra_flat_profinet_switch_4_port:*:*:*:*:*:*:*:*",
                    "model_numbers": [
                      "700-850-4PS01"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FLEXtra FLAT PROFINET-Switch 8-Port",
                "product": {
                  "name": "FLEXtra FLAT PROFINET-Switch 8-Port",
                  "product_id": "CSAFPID-11012",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:h:helmholz:flextra_flat_profinet_switch_8_port:*:*:*:*:*:*:*:*",
                    "model_numbers": [
                      "700-850-8PS01"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FLEXtra FLAT PROFINET-Switch 16-Port",
                "product": {
                  "name": "FLEXtra FLAT PROFINET-Switch 16-Port",
                  "product_id": "CSAFPID-11013",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:h:helmholz:flextra_flat_profinet_switch_16_port:*:*:*:*:*:*:*:*",
                    "model_numbers": [
                      "700-850-16P01"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "FLEXtra IP67 PROFINET-Switch 8-Port",
                "product": {
                  "name": "FLEXtra IP67 PROFINET-Switch 8-Port",
                  "product_id": "CSAFPID-11014",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:h:helmholz:flextra_ip67_profinet_switch_8_port:*:*:*:*:*:*:*:*",
                    "model_numbers": [
                      "700-857-8PS01"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.12.100",
                "product": {
                  "name": "Firmware 1.12.100",
                  "product_id": "CSAFPID-22011",
                  "product_identification_helper": {
                    "model_numbers": [
                      "700-850-4PS01",
                      "700-850-8PS01",
                      "700-850-16P01",
                      "700-857-8PS01"
                    ]
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:generic/<=1.12.015",
                "product": {
                  "name": "Firmware <=1.12.015",
                  "product_id": "CSAFPID-21011",
                  "product_identification_helper": {
                    "model_numbers": [
                      "700-850-4PS01",
                      "700-850-8PS01",
                      "700-850-16P01",
                      "700-857-8PS01"
                    ]
                  }
                }
              },
              {
                "category": "product_version",
                "name": "1.12.015",
                "product": {
                  "name": "Firmware 1.12.015",
                  "product_id": "CSAFPID-21012",
                  "product_identification_helper": {
                    "model_numbers": [
                      "700-850-4PS01",
                      "700-850-8PS01",
                      "700-850-16P01",
                      "700-857-8PS01"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Helmholz GmbH & Co. KG"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31011",
          "CSAFPID-31002",
          "CSAFPID-31012",
          "CSAFPID-31003",
          "CSAFPID-31013",
          "CSAFPID-31004",
          "CSAFPID-31014"
        ],
        "summary": "Affected products."
      },
      {
        "group_id": "CSAFGID-0002",
        "product_ids": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "summary": "Fixed products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware <=1.12.015 installed on FLEXtra FLAT PROFINET-Switch 4-Port",
          "product_id": "CSAFPID-31001",
          "product_identification_helper": {
            "model_numbers": [
              "700-850-4PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-21011",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.12.015 installed on FLEXtra FLAT PROFINET-Switch 4-Port",
          "product_id": "CSAFPID-31011",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:flextra_flat_profinet_switch_4_port_firmware:1.12.010:*:*:*:*:*:*:*",
            "model_numbers": [
              "700-850-4PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-21012",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.12.100 installed on FLEXtra FLAT PROFINET-Switch 4-Port",
          "product_id": "CSAFPID-32001",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:flextra_flat_profinet_switch_4_port_firmware:1.12.100:*:*:*:*:*:*:*",
            "model_numbers": [
              "700-850-4PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-22011",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware <=1.12.015 installed on FLEXtra FLAT PROFINET-Switch 8-Port",
          "product_id": "CSAFPID-31002",
          "product_identification_helper": {
            "model_numbers": [
              "700-850-8PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-21011",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.12.015 installed on FLEXtra FLAT PROFINET-Switch 8-Port",
          "product_id": "CSAFPID-31012",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:flextra_flat_profinet_switch_8_port_firmware:1.12.015:*:*:*:*:*:*:*",
            "model_numbers": [
              "700-850-8PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-21012",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.12.100 installed on FLEXtra FLAT PROFINET-Switch 8-Port",
          "product_id": "CSAFPID-32002",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:flextra_flat_profinet_switch_8_port_firmware:1.12.100:*:*:*:*:*:*:*",
            "model_numbers": [
              "700-850-8PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-22011",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware <=1.12.015 installed on FLEXtra FLAT PROFINET-Switch 16-Port",
          "product_id": "CSAFPID-31003",
          "product_identification_helper": {
            "model_numbers": [
              "700-850-16P01"
            ]
          }
        },
        "product_reference": "CSAFPID-21011",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.12.015 installed on FLEXtra FLAT PROFINET-Switch 16-Port",
          "product_id": "CSAFPID-31013",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:flextra_flat_profinet_switch_4_port_firmware:1.12.015:*:*:*:*:*:*:*",
            "model_numbers": [
              "700-850-16P01"
            ]
          }
        },
        "product_reference": "CSAFPID-21012",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.12.100 installed on FLEXtra FLAT PROFINET-Switch 16-Port",
          "product_id": "CSAFPID-32003",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:flextra_flat_profinet_switch_16_port_firmware:1.12.100:*:*:*:*:*:*:*",
            "model_numbers": [
              "700-850-16P01"
            ]
          }
        },
        "product_reference": "CSAFPID-22011",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware <=1.12.015 installed on FLEXtra IP67 PROFINET-Switch 8-Port",
          "product_id": "CSAFPID-31004",
          "product_identification_helper": {
            "model_numbers": [
              "700-857-8PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-21011",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.12.015 installed on FLEXtra IP67 PROFINET-Switch 8-Port",
          "product_id": "CSAFPID-31014",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:flextra_flat_profinet_switch_8_port_firmware:1.12.015:*:*:*:*:*:*:*",
            "model_numbers": [
              "700-857-8PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-21012",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.12.100 installed on FLEXtra IP67 PROFINET-Switch 8-Port",
          "product_id": "CSAFPID-32004",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:helmholz:flextra_flat_profinet_switch_8_port_firmware:1.12.100:*:*:*:*:*:*:*",
            "model_numbers": [
              "700-857-8PS01"
            ]
          }
        },
        "product_reference": "CSAFPID-22011",
        "relates_to_product_reference": "CSAFPID-11014"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-2183",
      "cwe": {
        "id": "CWE-327",
        "name": "Use of a Broken or Risky Cryptographic Algorithm"
      },
      "notes": [
        {
          "category": "description",
          "text": "The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a \"Sweet32\" attack.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001",
          "CSAFPID-32002",
          "CSAFPID-32003",
          "CSAFPID-32004"
        ],
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31011",
          "CSAFPID-31002",
          "CSAFPID-31012",
          "CSAFPID-31003",
          "CSAFPID-31013",
          "CSAFPID-31004",
          "CSAFPID-31014"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to the latest firmware version, 1.12.100.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31011",
            "CSAFPID-31002",
            "CSAFPID-31012",
            "CSAFPID-31003",
            "CSAFPID-31013",
            "CSAFPID-31004",
            "CSAFPID-31014"
          ]
        }
      ],
      "title": "CVE-2016-2183"
    }
  ]
}