CVE-2025-41690
7.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Endress+Hauser | Promag 10 with HART | 0 < 01.00.06 | affected |
| Endress+Hauser | Promag 10 with IO-Link | 0 < 01.00.02 | affected |
| Endress+Hauser | Promag 10 with Modbus | 0 < 01.00.06 | affected |
| Endress+Hauser | Promass 10 with HART | 0 < 01.00.06 | affected |
| Endress+Hauser | Promass 10 with IO-Link | 0 < 01.00.02 | affected |
| Endress+Hauser | Promass 10 with Modbus | 0 < 01.00.06 | affected |
Weaknesses
- CWE-532: CWE-532 Insertion of Sensitive Information into Log File
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.