CVE-2025-41690

Name of the Vulnerable Software and Affected Versions Endress+Hauser Promag 10 versions (affected versions not specified)

Description A low-privileged attacker within Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This could allow the Operator to authenticate as the Maintenance user, gaining unauthorized access to sensitive configuration settings and the ability to modify device parameters.

Recommendations Restrict Bluetooth access. Audit event logs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.