A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
History

Tue, 02 Sep 2025 08:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters. |
| Title | | Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions |
| Weaknesses | | CWE-532 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: CERTVDE

Published:

Updated: 2025-09-02T08:12:13.946Z

Reserved: 2025-04-16T11:17:48.309Z

Link: CVE-2025-41690

Vulnrichment

No data.

NVD

Status: Received

Published: 2025-09-02T08:15:30.583

Modified: 2025-09-02T08:15:30.583

Link: CVE-2025-41690

Redhat

No data.

OpenCVE Enrichment

No data.