CVE-2025-41690

Published: Sep 2, 2025

Modified: Sep 2, 2025

PUBLISHED

CVSS v3.1

7.4

HIGH

Description

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.

Vendor	Product	Versions
Endress+Hauser	Promag 10 with HART	affected `0 - < 01.00.06`
Endress+Hauser	Promag 10 with IO-Link	affected `0 - < 01.00.02`
Endress+Hauser	Promag 10 with Modbus	affected `0 - < 01.00.06`
Endress+Hauser	Promass 10 with HART	affected `0 - < 01.00.06`
Endress+Hauser	Promass 10 with IO-Link	affected `0 - < 01.00.02`
Endress+Hauser	Promass 10 with Modbus	affected `0 - < 01.00.06`

Weaknesses (CWE)

CWE-532

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://certvde.com/en/advisories/VDE-2025-068

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-41690

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References