Endress+Hauser: Proline 10 Maintenance credentials may be exposed under certain conditions

A low-privileged attacker in bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

通过日志文件的信息暴露

Endress+hauser Ecograph 日志信息泄露漏洞

Endress+hauser Ecograph是瑞士Endress+hauser公司的一个数据记录仪。用于安全、完整地记录和​​可视化所有过程序列。 Endress+hauser Ecograph存在日志信息泄露漏洞，该漏洞源于密码泄露，可能导致低权限用户通过查看事件日志获取高权限用户密码。

N/A

N/A