CVE-2025-41690
Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions
A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Productos afectados
Endress+Hauser · Promag 10 with HARTEndress+Hauser · Promag 10 with IO-LinkEndress+Hauser · Promag 10 with ModbusEndress+Hauser · Promass 10 with HARTEndress+Hauser · Promass 10 with IO-LinkEndress+Hauser · Promass 10 with Modbus¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →