CVE-2025-41690
Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions
A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected products
Endress+Hauser · Promag 10 with HARTEndress+Hauser · Promag 10 with IO-LinkEndress+Hauser · Promag 10 with ModbusEndress+Hauser · Promass 10 with HARTEndress+Hauser · Promass 10 with IO-LinkEndress+Hauser · Promass 10 with ModbusWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →