Share: Email | Twitter

ID

VDE-2022-006

Published

2022-03-24 11:48 (CET)

Last update

2022-03-24 11:49 (CET)

Vendor(s)

Endress+Hauser AG

Product(s)

Article No° Product Name Affected Version(s)
SFP50-* FieldPort SFP50 (mobiLink) 1.31 <= 1.40
SMT50-*MH mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT50 1.31 <= 1.40
SMT70-*MH mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70 1.31 <= 1.40
SMT70-*+MH mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70 1.31 <= 1.40
SMT77-*MH mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77 1.31 <= 1.40
SMT77-*+MH mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77 1.31 <= 1.40
SMT70-*MJ mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT70 1.31 <= 1.40
SMT70-*+MJ mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT70 1.31 <= 1.40
SMT77-*MJ mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT77 1.31 <= 1.40
SMT77-*+MJ mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT77 1.31 <= 1.40

Summary

Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service.


Weakness

Out-of-bounds Write  (CWE-787) 

Summary

Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore


Impact

Please consult the CVE entry above.

Solution

Mitigation

Endress+Hauser recommends using the FieldPort SFP50 only in secure environment and to allow access to
the devices only to authorized persons.

Remediation

Currently no fix planned from chip supplier.

Reported by

CERT@VDE coordinated with Endress+Hauser