CVE Alert: CVE-2025-41690 – Endress+Hauser – Promag 10 with HART

CVE-2025-41690

Severity: HIGH · No exploitation known

A low-privileged attacker (Operator role) within Bluetooth range may be able to read the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.

CVSS v3.1 (7.4)
AV ADJACENT_NETWORK · AC LOW · PR LOW · UI REQUIRED · S UNCHANGED
Vendor
Endress+Hauser
Affected products and versions
  • Promag 10 with HART: versions below 01.00.06
  • Promag 10 with IO-Link: versions below 01.00.02
  • Promag 10 with Modbus: versions below 01.00.06
  • Promass 10 with HART: versions below 01.00.06
  • Promass 10 with IO-Link: versions below 01.00.02
  • Promass 10 with Modbus: versions below 01.00.06
CWE
CWE-532 Insertion of Sensitive Information into Log File
Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Published
2025-09-02T08:12:13.946Z
Updated
2025-09-02T13:48:59.186Z

AI Summary Analysis

Risk verdict

High risk of privilege escalation if exploited; no active exploitation indicators have been detected so far.

Why this matters

A low-privileged attacker within Bluetooth range could extract a maintenance-level password by reading the device’s event log, enabling unauthorised access to sensitive configuration settings. Compromise could enable modification of critical device parameters, with potential safety, process accuracy, and regulatory implications across OT deployments.

Most likely attack path

The attacker must be physically near the device to reach it over Bluetooth, with initial access gained by viewing the event log (low effort, local, but requiring some user interaction per the CVSS vector). If Maintenance credentials are obtained, the attacker could authenticate as Maintenance and alter configurations. Lateral movement is plausible only if the credentials are reused elsewhere; otherwise the impact is largely confined to the targeted device.

Who is most exposed

Devices deployed in field cabinets or maintenance zones with Bluetooth-enabled interfaces are most at risk, especially where network segmentation is weak and maintenance credentials are shared or poorly protected.

Detection ideas

  • Unauthorised reads of event logs near instrumentation.
  • Maintenance-credential login events following log-view activity.
  • Unusual or repeated Bluetooth pairing attempts from unexpected devices.
  • Changes to device configuration without corresponding authorisation.
  • Access attempts from accounts with Maintenance privileges outside approved windows.

Mitigation and prioritisation

  • Apply patched firmware when available; verify compatibility in a test environment before rollout.
  • Disable Bluetooth or limit its use to essential maintenance; enforce strict pairing controls.
  • Rotate and tightly restrict maintenance credentials; apply least-privilege access and MFA where feasible.
  • Strengthen OT network segmentation; enforce strict access controls and monitor event logs with tamper-evident protections.
  • Implement near-real-time monitoring for proximity-based access and maintenance log activity.
