{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41690", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "state": "PUBLISHED", "assignerShortName": "CERTVDE", "dateReserved": "2025-04-16T11:17:48.309Z", "datePublished": "2025-09-02T08:12:13.946Z", "dateUpdated": "2025-09-02T13:48:59.186Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Promag 10 with HART", "vendor": "Endress+Hauser", "versions": [{"lessThan": "01.00.06", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Promag 10 with IO-Link", "vendor": "Endress+Hauser", "versions": [{"lessThan": "01.00.02", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Promag 10 with Modbus", "vendor": "Endress+Hauser", "versions": [{"lessThan": "01.00.06", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Promass 10 with HART", "vendor": "Endress+Hauser", "versions": [{"lessThan": "01.00.06", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Promass 10 with IO-Link", "vendor": "Endress+Hauser", "versions": [{"lessThan": "01.00.02", "status": "affected", "version": "0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Promass 10 with Modbus", "vendor": "Endress+Hauser", "versions": [{"lessThan": "01.00.06", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device\u2019s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters."}], "value": "A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device\u2019s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-09-02T08:12:13.946Z"}, "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-068"}], "source": {"advisory": "VDE-2025-068", "defect": ["CERT@VDE#641830"], "discovery": "UNKNOWN"}, "title": "Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-02T13:48:53.162675Z", "id": "CVE-2025-41690", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T13:48:59.186Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41690", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-02T13:48:53.162675Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-02T13:48:56.755Z"}}], "cna": {"title": "Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions", "source": {"defect": ["CERT@VDE#641830"], "advisory": "VDE-2025-068", "discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Endress+Hauser", "product": "Promag 10 with HART", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.06", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Endress+Hauser", "product": "Promag 10 with IO-Link", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.02", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Endress+Hauser", "product": "Promag 10 with Modbus", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.06", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Endress+Hauser", "product": "Promass 10 with HART", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.06", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Endress+Hauser", "product": "Promass 10 with IO-Link", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.02", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Endress+Hauser", "product": "Promass 10 with Modbus", "versions": [{"status": "affected", "version": "0", "lessThan": "01.00.06", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://certvde.com/en/advisories/VDE-2025-068"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device\u2019s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.", "supportingMedia": [{"type": "text/html", "value": "A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device\u2019s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "shortName": "CERTVDE", "dateUpdated": "2025-09-02T08:12:13.946Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41690", "state": "PUBLISHED", "dateUpdated": "2025-09-02T13:48:59.186Z", "dateReserved": "2025-04-16T11:17:48.309Z", "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c", "datePublished": "2025-09-02T08:12:13.946Z", "assignerShortName": "CERTVDE"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device\u2019s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters."}], "id": "CVE-2025-41690", "lastModified": "2025-09-02T15:55:25.420", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 5.9, "source": "info@cert.vde.com", "type": "Primary"}]}, "published": "2025-09-02T08:15:30.583", "references": [{"source": "info@cert.vde.com", "url": "https://certvde.com/en/advisories/VDE-2025-068"}], "sourceIdentifier": "info@cert.vde.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "info@cert.vde.com", "type": "Primary"}]}

{}

{"created": "2025-09-02T15:23:02.600530+00:00", "updated": "2025-09-02T15:23:02.600616+00:00", "vendors": ["endress+hauser", "endress+hauser$PRODUCT$proline_10"]}