CVE-2025-41690
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-02

Assigner: CERT VDE

Description
A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.
Meta Information
Published: 2025-09-02
Last Modified: 2025-09-02
Generated: 2026-05-07
AI Q&A: 2025-09-02
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
endress_hauser proline 10
endress_hauser promag 10
endress_hauser promass 10
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability allows a low-privileged attacker within Bluetooth range to access the password of a higher-privilege Maintenance user by viewing the device's event log, which improperly logs sensitive information. This enables the attacker, who initially has Operator-level access, to escalate privileges to Maintenance-level, gaining unauthorized access to sensitive device functions and settings. [1]


How can this vulnerability impact me?

An attacker exploiting this vulnerability can modify all Maintenance parameters, change device settings, initiate device resets causing downtime, restore factory defaults, reconfigure diagnostic parameters, disable Bluetooth communication, and alter the 4–20 mA analog output range. This can lead to unauthorized control over the device, potential operational disruptions, and compromise of device integrity and availability. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves checking the device's event log for exposure of the Maintenance user's password, as the vulnerability stems from sensitive information being logged improperly. Since the issue occurs on Endress+Hauser Proline 10 devices within Bluetooth range, monitoring Bluetooth connections and reviewing event logs on affected devices can help detect exploitation attempts. Specific commands are not provided in the resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating the device firmware to versions 01.00.06 (HART/Modbus) or 01.00.02 (IO-Link) or later, as released by Endress+Hauser. Additionally, disabling Bluetooth communication when not in use reduces the risk of exploitation. Customers should contact Endress+Hauser service centers for assistance with updates. [1]

