A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://certvde.com/en/advisories/VDE-2025-068 |
![]() ![]() |
History
Tue, 02 Sep 2025 08:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters. | |
Title | Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions | |
Weaknesses | CWE-532 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: CERTVDE
Published:
Updated: 2025-09-02T08:12:13.946Z
Reserved: 2025-04-16T11:17:48.309Z
Link: CVE-2025-41690

No data.

Status : Received
Published: 2025-09-02T08:15:30.583
Modified: 2025-09-02T08:15:30.583
Link: CVE-2025-41690

No data.

No data.