Impact
The vulnerability allows an attacker within Bluetooth Low Energy range to bypass the device’s authentication controls and access the configuration service, granting full administrative privileges over the SafeLine SL6 and SL6+ intercom system. The weakness lies in improper authentication (CWE‑305) and can be leveraged to alter configuration settings or potentially compromise elevator safety functions.
Affected Systems
All SafeLine SL6 and SL6+ units running firmware versions earlier than 4.97 are susceptible. The security patch, released in firmware 4.97, eliminates the PIN authentication requirement for BLE and limits the configuration interface to a narrow window after reboot, effectively stopping remote access via Bluetooth unless the "Auto Enable BLE" setting is re‑enabled.
Risk and Exploitability
With a CVSS score of 8.7, this flaw is considered high severity. The EPSS metric is not available, and the vulnerability has not yet appeared in the CISA KEV catalog, suggesting no widespread exploitation reports to date. Based on the description, the likely attack vector involves local wireless exploitation via Bluetooth Low Energy, as the device can be accessed within BLE range. Attackers could therefore disrupt or tamper with elevator emergency communication without authorization.
OpenCVE Enrichment