CVE Alert: CVE-2025-41690 – Endress+Hauser – Promag 10 with HART
CVE-2025-41690
A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device's event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
AI Summary Analysis
Risk verdict
High: local privilege escalation from the Operator role to the Maintenance role on the affected device if exploited; no active exploitation indicators are reported at the time of writing.
Why this matters
A low-privileged attacker within Bluetooth range could extract a maintenance-level password by reading the device’s event log, enabling unauthorised access to sensitive configuration settings. Compromise could enable modification of critical device parameters, with potential safety, process accuracy, and regulatory implications across OT deployments.
Most likely attack path
The attacker needs two things: Bluetooth range of the device (physical proximity, no network path required) and a low-privileged (Operator) login. With those, the initial step is simply viewing the event log, which exposes the Maintenance password (low effort, local). The attacker then authenticates as Maintenance and alters device parameters. Lateral movement is plausible only where the same Maintenance password is reused across other instruments; otherwise the impact is confined to the targeted device.
Who is most exposed
Devices deployed in field cabinets or maintenance zones with the Bluetooth interface enabled are most at risk. Because the attack runs over Bluetooth, IP network segmentation does not reduce exposure; what matters is who can get within Bluetooth range while holding Operator credentials, and whether one Maintenance password is shared across a fleet of instruments, which turns a single exposed password into fleet-wide access.
Detection ideas
- Event-log views by Operator-level accounts over Bluetooth sessions; the view itself may be legitimate, so the sequence that follows is what matters.
- A Maintenance login on the same device shortly after an Operator-level event-log view.
- Unusual or repeated Bluetooth pairing attempts from unexpected devices.
- Parameter changes with no matching work order or change record.
- Maintenance logins outside approved maintenance windows.
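The first, second, fourth and fifth detection ideas above describe one sequence: an Operator views the event log, a Maintenance login follows on the same device, and parameters change. The correlation rule below is an added example, not code from Endress+Hauser or from this site, and it runs over a constructed audit feed in a hypothetical pipe-separated format (timestamp|device|user|role|action); the real Promag 10 event-log format, the 30-minute window and the 13:00 to 17:00 approved maintenance hours are all assumptions to be replaced with site values.

```python
"""Correlation rule for the CVE-2025-41690 attack path (added example).

Assumed input: one event per line, ts|device|user|role|action, as it might
arrive in a SIEM after device logs are forwarded. Nothing here is vendor code.
"""
from dataclasses import dataclass
from datetime import datetime, time, timedelta

# Assumed tuning values; replace with site policy.
WINDOW = timedelta(minutes=30)                  # Maintenance login this soon after a log view is suspicious
APPROVED_MAINT_HOURS = (time(13, 0), time(17, 0))  # approved maintenance window (local time)

# Constructed sample feed. FT-101 shows the full attack sequence, FT-102 a
# legitimate Maintenance login hours after an unrelated log view, FT-103 a
# Maintenance login with no preceding log view.
SAMPLE_FEED = """\
2025-06-01T08:00:12|FT-101|op_jane|Operator|login
2025-06-01T08:01:40|FT-101|op_jane|Operator|view_event_log
2025-06-01T08:03:05|FT-101|maint|Maintenance|login
2025-06-01T08:04:30|FT-101|maint|Maintenance|write_parameter:low_flow_cutoff
2025-06-01T09:15:00|FT-102|op_bob|Operator|login
2025-06-01T09:16:10|FT-102|op_bob|Operator|view_event_log
2025-06-01T14:40:00|FT-102|maint|Maintenance|login
2025-06-01T14:41:00|FT-103|maint|Maintenance|login
"""


@dataclass
class Event:
    ts: datetime
    device: str
    user: str
    role: str
    action: str


def parse_feed(text):
    """Parse the assumed pipe-separated feed into time-ordered Event objects."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, device, user, role, action = line.split("|", 4)
        events.append(Event(datetime.fromisoformat(ts), device, user, role, action))
    events.sort(key=lambda e: e.ts)
    return events


def correlate(events, window=WINDOW, approved=APPROVED_MAINT_HOURS):
    """Return (rule, device, user, detail) tuples for the suspicious sequence.

    Rules:
      maint_login_after_log_view      - Maintenance login within `window` of an
                                        Operator event-log view on the same device
      maint_login_outside_window      - Maintenance login outside approved hours
      config_change_in_suspect_session - parameter write after a flagged login
    """
    alerts = []
    last_view = {}     # device -> (timestamp, operator) of the latest Operator log view
    escalated = set()  # devices whose current Maintenance session was flagged
    start, end = approved
    for e in events:
        if e.role == "Operator" and e.action == "view_event_log":
            last_view[e.device] = (e.ts, e.user)
        elif e.role == "Maintenance" and e.action == "login":
            view = last_view.get(e.device)
            if view is not None and e.ts - view[0] <= window:
                alerts.append(("maint_login_after_log_view", e.device, e.user, view[1]))
                escalated.add(e.device)
            else:
                # A clean login starts a new, unflagged session on this device.
                escalated.discard(e.device)
            if not (start <= e.ts.time() <= end):
                alerts.append(("maint_login_outside_window", e.device, e.user, e.ts.isoformat()))
        elif (e.role == "Maintenance" and e.action.startswith("write_parameter")
              and e.device in escalated):
            alerts.append(("config_change_in_suspect_session", e.device, e.user, e.action))
    return alerts


def run_sample():
    """Apply the rule to the constructed feed."""
    return correlate(parse_feed(SAMPLE_FEED))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the constructed feed only FT-101 fires: the Maintenance login 85 seconds after op_jane's log view, the same login falling outside approved hours, and the parameter write inside that session. FT-102's Maintenance login comes five hours after the log view and inside approved hours, so it is treated as a fresh legitimate session, and FT-103 has no preceding log view at all. The rule is deliberately sequence-based because each individual event (a log view, a Maintenance login) is normal on its own.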
Mitigation and prioritisation
- Apply patched firmware when available; verify compatibility in a test environment before rollout. As a precaution, treat any Maintenance password that was in use before the update as exposed: a fix that stops logging the password does not necessarily purge entries already written, so rotate the password after updating.
- Disable Bluetooth or limit its use to essential maintenance; enforce strict pairing controls.
- Rotate the Maintenance password and use a distinct one per device rather than a fleet-wide shared value; apply least-privilege access, and add multi-factor authentication where the device or the management software supports it (most field instruments do not).
- Strengthen OT network segmentation and access controls for the wired path; note that this does not block the Bluetooth path itself. Forward device event logs to a central store with tamper-evident protections.
- Forward device login, Bluetooth session and parameter-change events to the SIEM so that the sequence "Operator log view, then Maintenance login" on one device can be correlated in near real time.