Share: Email | Twitter

ID

VDE-2021-044

Published

2022-01-20 09:06 (CET)

Last update

2022-01-20 09:06 (CET)

Vendor(s)

Endress+Hauser AG

Product(s)

Article No° Product Name Affected Version(s)
SFE100 DeviceCare <= 1.07.03
DTM for Cerabar / 5xB/7xB / HART <= 1.67.0.805
DTM for CLD18 / CI / CDI <= 1.2.0.0
DTM for CM14 / CC / CDI <= 1.2.0.0
DTM for CM14 / CI / CDI <= 1.2.0.0
DTM for CM14 / DO / CDI <= 1.2.0.0
DTM for CM14 / pH / CDI <= 1.2.0.0
DTM for Deltabar / 5xB/7xB / HART <= 1.67.0.805
DTM for Display / RID1x / CDI <= 1.1.1.400
DTM for Dosimag / 5BH / CDI <= 1.4.0.64
DTM for Dosimag / 5BH / MR4 <= 1.4.1.78
DTM for Dosimass / 8BE / CDI <= 1.4.0.112
DTM for Dosimass / 8BE / MR4 <= 1.4.1.121
DTM for Ecograph T / RSG35 / CDI <= 2.4.0.0
DTM for EngyCal / RH33 / CDI <= 1.7.0.5
DTM for EngyCal / RS33 / CDI <= 1.1.6.3352
DTM for Fieldgate /SFG500 / Profibus <= 1.10.00
DTM for FXA195 / HART <= 1.0.57
DTM for Gammapilot 5x / FMG50 / HART <= 1.43.0.1953
DTM for iTEMP / TMT142B / HART <= 3.1.4.795
DTM for iTEMP / TMT162 / HART <= 1.13.132.5451
DTM for iTEMP / TMT71 / CDI <= 1.13.18.5253
DTM for iTEMP / TMT72 / HART <= 1.13.258.2304
DTM for iTEMP / TMT82 / HART <= 1.10.423.4213
DTM for iTEMP / TMT82 / HART <= 1.11.480.5368
DTM for Levelflex / FMP5x / FF <= 1.11.0.1471
DTM for Levelflex / FMP 5x / HART <= 1.10.1.2369
DTM for Levelflex / FMP 5x / PA <= 1.11.0.1017
DTM for Liquiline CA80xx / CDI <= 1.0.22.0
DTM for Liquiline / CA80xx / DP <= 1.11.0.0
DTM for Liquiline / CM442 / CDI <= 1.0.22.0
DTM for Liquiline CM44x / CDI <= 1.0.22.0
DTM for Liquiline / CM44x / DP <= 1.11.0.0
DTM for Liquiline Compact / CM82 / HART <= 1.2.0.796
DTM for Liquiline Cond / CM42 / FF <= 2.4.0.22
DTM for Liquiline Cond / CM42 / HART <= 2.4.0.22
DTM for Liquiline Cond / CM42 / PA <= 2.4.0.22
DTM for Liquiline Oxygen / CM42 / FF <= 2.4.0.22
DTM for Liquiline Oxygen / CM42 / HART <= 2.4.0.22
DTM for Liquiline Oxygen / CM42 / PA <= 2.4.0.22
DTM for Liquiline pHORP / CM42 / FF <= 2.4.0.22
DTM for Liquiline pHORP / CM42 / HART <= 2.4.0.22
DTM for Liquiline pHORP / CM42 / PA <= 2.4.0.22
DTM for Liquistation / CSF22 / CDI <= 1.0.22.0
DTM for Liquistation / CSF48 / CDI <= 1.0.22.0
DTM for Liquistation CSFxx / CDI <= 1.0.22.0
DTM for Liquistation / CSFxx / DP <= 1.11.0.0
DTM for Memograph M / RSG45 / CDI <= 2.4.0.0
DTM for Micropilot / FMR20 / HART <= 1.9.0.358
DTM for Micropilot / FMR5x / FF <= 1.11.0.745
DTM for Micropilot / FMR5x / HART <= 1.10.0.913
DTM for Micropilot / FMR5x / PA <= 1.11.0.375
DTM for Micropilot / FMR6x / HART <= 1.10.0.807
DTM for Promag 100 / 5x1B / DP <= 1.7.0.86
DTM for Promag 100 / 5x1B / EIP <= 1.6.0.175
DTM for Promag 100 / 5x1B / EIP-CDIE <= 1.5.0.174
DTM for Promag 100 / 5x1B / HART <= 1.3.0.201
DTM for Promag 100 / 5x1B / MR4 <= 1.4.1.354
DTM for Promag 100 / 5x1B / MR4-CDIS <= 1.4.1.354
DTM for Promag 100 / 5x1B / PNIO-CDIE <= 1.6.0.37
DTM for Promag 10 / 5xBB / HART <= 1.76.0.184
DTM for Promag 10 / 5xBB / HART-CDIS <= 1.76.0.184
DTM for Promag 10 / 5xBB / MR4 <= 1.76.0.159
DTM for Promag 10 / 5xBB / MR4-CDIS <= 1.76.0.159
DTM for Promag 200 / 5x2B / FF <= 1.6.0.73
DTM for Promag 200 / 5x2B / HART <= 1.5.0.219
DTM for Promag 200 / 5x2B / PA <= 1.7.0.57
DTM for Promag 300 500 / 5x3x 5x5x / DP <= 1.11.0.65
DTM for Promag 300 500 / 5x3x 5x5x / EIP <= 1.10.0.59
DTM for Promag 300 500 / 5x3x 5x5x / EIP-CDIE <= 1.10.0.59
DTM for Promag 300 500 / 5x3x 5x5x / FF <= 1.9.0.122
DTM for Promag 300 500 / 5x3x 5x5x / HART <= 1.39.0.285
DTM for Promag 300 500 / 5x3x 5x5x / MR4 <= 1.39.0.230
DTM for Promag 300 500 / 5x3x 5x5x / MR4-CDIE <= 1.39.0.230
DTM for Promag 300 500 / 5x3x 5x5x / PA <= 1.11.0.104
DTM for Promag 300 500 / 5x3x 5x5x / PA <= 1.12.0.161
DTM for Promag 300 500 / 5x3x 5x5x / PN-CDIE <= 1.39.0.136
DTM for Promag 400 / 5x4Bxx / HART <= 1.0.0.349
DTM for Promag 400 / 5x4C / DP <= 1.8.0.58
DTM for Promag 400 / 5x4C / EIP <= 1.8.0.101
DTM for Promag 400 / 5x4C / EIP <= 1.3.0.84
DTM for Promag 400 / 5x4C / HART <= 1.3.0.132
DTM for Promag 400 / 5x4C / HART <= 1.39.0.276
DTM for Promag 400 / 5x4C / MR4 <= 1.39.0.191
DTM for Promag 400 / 5x4C / MR4-CDIE <= 1.5.0.59
DTM for Promag 400 / 5x4C / MR4-CDIE <= 1.10.0.148
DTM for Promag 400 / 5x4Cxx / HART <= 1.0.0.32
DTM for Promass 100 / 8x1B / DP <= 1.7.0.141
DTM for Promass 100 / 8x1B / EIP <= 1.6.0.463
DTM for Promass 100 / 8x1B / EIP-CDIE <= 1.5.0.463
DTM for Promass 100 / 8x1B / HART <= 1.4.0.282
DTM for Promass 100 / 8x1B / MB <= 1.4.1.519
DTM for Promass 100 / 8x1B / PNIO-CDIE <= 1.6.0.70
DTM for Promass 100 / 8x1Bxx / MB <= 1.0.0.0
DTM for Promass 100 / 8x1Bxx / MB <= 1.4.0.513
DTM for Promass 100 / 8x1Bxx / MR4 <= 1.2.0.476
DTM for Promass 10 / 8xBB / HART <= 1.76.0.271
DTM for Promass 10 / 8xBB / HART-CDIS <= 1.76.0.271
DTM for Promass 10 / 8xBB / MR4 <= 1.76.0.158
DTM for Promass 10 / 8xBB / MR4-CDIS <= 1.76.0.158
DTM for Promass 200 / 8x2B / FF <= 1.3.0.150
DTM for Promass 200 / 8x2B / HART <= 1.5.0.1133
DTM for Promass 200 / 8x2B / PA <= 1.7.0.236
DTM for Promass 300 500 / 8x3x 8x5x / DP <= 1.11.0.93
DTM for Promass 300 500 / 8x3x 8x5x / EIP <= 1.10.0.94
DTM for Promass 300 500 / 8x3x 8x5x / EIP-CDIE <= 1.10.0.94
DTM for Promass 300 500 / 8x3x 8x5x / FF <= 1.9.0.197
DTM for Promass 300 500 / 8x3x 8x5x / HART <= 1.39.0.646
DTM for Promass 300 500 / 8x3x 8x5x / MR4 <= 1.39.0.289
DTM for Promass 300 500 / 8x3x 8x5x / MR4-CDIE <= 1.39.0.289
DTM for Promass 300 500 / 8x3x 8x5x / PA <= 1.12.0.193
DTM for Promass 300 500 / 8x3x 8x5x / PN-CDIE <= 1.39.0.222
DTM for Proservo / NMS8x / HART <= 1.9.2.887
DTM for Prosonic Flow 100 / 9E1B / CDI <= 1.10.0.172
DTM for Prosonic Flow 100 / 9E1B / HART <= 1.10.0.151
DTM for Prosonic Flow 300 500 / 9x3x 9x5x / HART <= 1.45.0.327
DTM for Prosonic Flow 300 500 / 9x3x 9x5x / MR4 <= 1.45.0.128
DTM for Prosonic Flow 300 500 / 9x3x 9x5x / MR4-CDIE <= 1.38.0.88
DTM for Prosonic Flow 300 500 / 9x3x 9x5x / MR4-CDIE <= 1.45.0.128
DTM for Prosonic Flow B 200 / 9B2B / HART <= 1.6.0.800
DTM for Prothermo / NMT8x / HART <= 1.73.0.317
DTM for Prowirl 200 / 7x2B / FF <= 1.11.0.174
DTM for Prowirl 200 / 7x2B / HART <= 1.12.0.537
DTM for Prowirl 200 / 7x2Bxx / PA <= 1.11.0.135
DTM for RA33 / CDI <= 1.1.6.3352
DTM for Tank Gauging Radar / NMR8x / HART <= 1.9.2.799
DTM for Tank Side Monitor / NRF8x / HART <= 1.9.2.669
DTM for t-mass 150 / 6xABxx / HART <= 1.0.0.162
DTM for t-mass 150 L T 150 / 6xAB / HART <= 1.2.0.42
DTM for t-mass 300 500 / 6x3B 6x5B / HART <= 1.45.0.280
DTM for t-mass 300 500 / 6x3B 6x5B / MR4 <= 1.45.0.127
DTM for t-mass 300 500 / 6x3B 6x5B / MR4-CDIE <= 1.45.0.127
DTM for TrustSens / TM371-TM372 / HART <= 1.11.301.4871
DTM library for SWA50 <= 1.0.2.4
DTM library for SWA70 <= 1.0.2.4
DTM library for SWG70 / WirelessHART <= 1.0.2.4
SFE500 FieldCare <= 2.15.01
SMT50 Field Xpert <= 1.05.03
SMT70 Field Xpert <= 1.05.03
SMT77 Field Xpert <= 1.05.03
HoP DTM <= 1.0.2
iDTM FF <= 2.00.289
iDTM HART <= 2.00.289
IO-Link IODD Interpreter DTM <= 3.12.0
OPC Server for SWG70 <= 1.00.01
OPC UA Connectivity Server <= 1.3.7817

Summary

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.


Last Update:

Nov. 24, 2021, 9:50 a.m.

Weakness

Improper Restriction of XML External Entity Reference  (CWE-611) 

Summary

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.


Impact

To exploit the vulnerability, the access rights of an authorized user or admin are required. 

The impact of the vulnerability on the affected products may result in

  • Denial of Service
  • Loss of Credentials
  • Code Execution

The CVSS environmental score is specific to the customer's environment and should therefore be individually assessed by the customer to accomplish final scoring.

The original CVE refers to a network access scenario. With our products, it is a local access scenario. For this reason, the risk of exploiting this vulnerability is reduced.

Solution

Mitigation

Make sure that no unauthorized access to the production environment is possible.
Avoid using the above listed software with Windows administrator privileges if other users with lower privileges have access to the same software installation.


Remediation

Endress+Hauser has provided the following updates with remediation of the vulnerability:

  • FieldCare Version 2.16
  • DeviceCare Version 1.07.05
  • Field Xpert Version 1.05.05
  • OPC UA Connectivity Server Version 1.3.7818

Further updates are currently not planned by Endress+Hauser.

Reported by

CodeWrights GmbH reported this vulnerability to ENDRESS+HAUSER.
CERT@VDE coordinated with ENDRESS+HAUSER.