Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

Promass 83 devices utilizing 499ES EtherNet/IP (ENIP) Stack by Real Time Automation (RTA) are vulnerable to a stack-based buffer overflow.

Update A, 2021-10-07:

  • added credits
  • changed title from "ENDRESS+HAUSER: Promass 83 with Ether/IP affected by DoS vulnerability" to "ENDRESS+HAUSER: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow"


Endress+Hauser products utilizing WPA2 are vulnerable to KRACK attacks.
Proline portfolio is a flow meter with an optional WLAN interface in the display. The flowmeters are only affected if the optional WLAN display is present.

The fdtCONTAINER component is integrated into an application (host application). The fdtCONTAINER application is a specific host application which integrates the fdtCONTAINER component.

The fdtCONTAINER component exchanges binary data blobs with such a host application. Typically, the host application saves these binary data blobs into a project storage (project file or a project database).

To manipulate the data inside the project storage, the attacker needs write access to this project storage. Additionally, the manipulated project needs to be opened by the host application. It depends on the host application whether opening the project requires a user action or not. In
fdtCONTAINER applications, the user has to open the manipulated project file manually.

In the case of opening a stored project, the deserialization of the manipulated data can be exploited.

The firmware release has a dynamic token for each request submitted to the server, which makes repeating requests and analysis complex enough. Nevertheless, it's possible and during the analysis it was discovered that it also has an issue with the access-control matrix on the server-side.

The affected device has a web-based user interface with a role-based access system. Users with different roles have different write and read privileges. The access system is based on dynamic "tokens".

Multiple security issues and vulnerabilities within the WPA2 standard have been identified and publicized by Mr. Mathy Vanhoef of KU Leuven. These vulnerabilities may allow the reinstallation of a pairwise transient key, a group key, or an integrity key on either a wireless client or a wireless access point (AP). In consequence, an attacker could establish a man-in-the-middle position between AP and client facilitating packet decryption and injection.

The Field Xpert SFX370 and SFX350 handhelds are manufactured by Pepperl+Fuchs/ecom instruments for Endress+Hauser.

The Advisory for Pepperl+Fuchs/ecom instruments can be found here: VDE-2017-005


By Vendor




(Scoring for CVSS 2.0,3.0+3.1)
No CVE available
0.1 <= 3.9
4.0 <= 6.9
7.0 <= 8.9
9.0 <= 10.0