Bluetooth Device Vulnerability Exposing Maintenance User Passwords in Data Logging Systems
CVE-2025-41690

7.4 HIGH

What is CVE-2025-41690?

A vulnerability exists in certain Bluetooth-enabled data logging systems that allows low-privileged attackers within Bluetooth range to view event logs. By exploiting this weakness, an attacker can potentially access the password of a higher-privileged user, specifically one with Maintenance access. With that password, the attacker can authenticate as the Maintenance user, gaining access to sensitive configurations and the ability to modify critical device parameters.

Affected Version(s)

Promag 10 with HART 0 < 01.00.06

Promag 10 with IO-Link 0 < 01.00.02

Promag 10 with Modbus 0 < 01.00.06

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
