Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain...

7.4 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.

Basic Information

ID CVE-2025-41690

Source CERTVDE

Published Sep 2, 2025 at 08:12

Affected Product

Vendor Endress+Hauser

Product Promag 10 with HART

Affected Versions Endress+Hauser Promag 10 with HART 0
Endress+Hauser Promag 10 with IO-Link 0
Endress+Hauser Promag 10 with Modbus 0
Endress+Hauser Promass 10 with HART 0
Endress+Hauser Promass 10 with IO-Link 0
Endress+Hauser Promass 10 with Modbus 0

CWE Classification

CWE-532

References

certvde.com /en/advisories/VDE-2025-068

{
    "lastseen": "",
    "description": "A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device\u2019s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.",
    "published": "2025-09-02T08:12:13.946Z",
    "modified": "2025-09-02T08:12:13.946Z",
    "type": "cve",
    "title": "Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions",
    "source": "CERTVDE",
    "references": "https://certvde.com/en/advisories/VDE-2025-068",
    "id": "CVE-2025-41690",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "Endress+Hauser Promag 10 with HART 0\nEndress+Hauser Promag 10 with IO-Link 0\nEndress+Hauser Promag 10 with Modbus 0\nEndress+Hauser Promass 10 with HART 0\nEndress+Hauser Promass 10 with IO-Link 0\nEndress+Hauser Promass 10 with Modbus 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Promag 10 with HART",
    "version": "0",
    "vendor": "Endress+Hauser",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions_CVE-2025-41690