Impact Analysis

If exploited, this vulnerability allows attackers to gain unauthorized administrative access to the elevator emergency intercom device configuration.

Attackers could manipulate critical settings such as emergency contact phone numbers, potentially preventing emergency services or building management from being notified during an incident.

This could lead to serious safety risks in emergency situations where timely communication is essential.

Useful 0 Not Useful 0

Executive Summary

CVE-2025-4994 is an authentication bypass vulnerability affecting SafeLine SL6 and SL6+ devices used in elevator emergency intercom systems.

The vulnerability allows attackers within wireless range to bypass the PIN-based authentication via the Bluetooth Low Energy (BLE) interface and gain unauthorized administrative access to the device's configuration.

This bypass is possible due to a flaw in the PIN protection mechanism that can be exploited with a small number of requests.

Affected versions are from 4.82 up to 4.96, with a patch available in version 4.97 that removes the PIN authentication for BLE and restricts access to a short time window after reboot.

Useful 0 Not Useful 0

Detection Guidance

The vulnerability affects SafeLine SL6 and SL6+ devices via their Bluetooth Low Energy (BLE) interface, allowing authentication bypass. Detection would involve identifying these devices within wireless range and monitoring BLE communications for unauthorized access attempts.

A practical approach is to scan for BLE devices matching the SafeLine SL6 or SL6+ profiles and observe if there are repeated authentication requests or unusual configuration access attempts.

Specific commands are not provided in the available resources, but common BLE scanning tools such as 'bluetoothctl' or 'hcitool' on Linux can be used to detect BLE devices nearby.

• Use 'bluetoothctl scan on' to scan for BLE devices in range.
• Use 'hcitool lescan' to list BLE devices.
• Monitor BLE traffic with tools like 'btmon' or Wireshark with a BLE-capable adapter to detect suspicious authentication bypass attempts.

Useful 0 Not Useful 0

Mitigation Strategies

The recommended immediate mitigation is to disable the "Auto Enable BLE" setting on the affected SafeLine SL6 and SL6+ devices. This setting deactivates the BLE interface shortly after reboot, reducing the window of exposure.

The definitive solution is to update the device firmware to version 4.97 or later, which removes the vulnerable PIN authentication feature for BLE and restricts BLE access to a brief time window after reboot.

Until the firmware update can be applied, disabling the BLE interface when not needed and limiting physical or wireless access to the devices can help reduce risk.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows attackers to bypass authentication and gain unauthorized administrative access to elevator emergency intercom devices, potentially manipulating critical settings such as emergency contact phone numbers.

Such unauthorized access and manipulation could lead to failures in notifying emergency services or building management during incidents, which may result in non-compliance with safety and security requirements embedded in common standards and regulations.

While the provided information does not explicitly mention GDPR, HIPAA, or other specific regulations, the ability to compromise emergency communication systems could indirectly impact compliance with regulations that mandate secure and reliable emergency response mechanisms.

Useful 0 Not Useful 0