VDE-2022-006

Vulnerability from csaf_endresshauserag - Published: 2022-03-24 10:48 - Updated: 2022-03-24 10:48
Summary
Endress+Hauser: FieldPort SFP50 Memory Corruption in Bluetooth Controller Firmware
Notes
Summary: Possible memory corruption in the BT controller when it receives an oversized LMP packet over a 2-DH1 link, leading to denial of service.
Impact: Please consult the CVE entry above.
Mitigation: Endress+Hauser recommends using the FieldPort SFP50 only in a secure environment and allowing access to the devices only to authorized persons.
Remediation: Currently no fix planned from chip supplier.

Possible memory corruption in the BT controller when it receives an oversized LMP packet over a 2-DH1 link, leading to denial of service in BlueCore.

CWE-787 - Out-of-bounds Write
Mitigation: Endress+Hauser recommends using the FieldPort SFP50 only in a secure environment and allowing access to the devices only to authorized persons.
No Fix Planned: Currently no fix planned from chip supplier.
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "Please consult the CVE entry above.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Endress+Hauser recommends using the FieldPort SFP50 only in secure environment and to allow access tothe devices only to authorized persons.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Currently no fix planned from chip supplier.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@endress.com",
      "name": "Endress+Hauser AG",
      "namespace": "https://www.endress.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2022-006: Endress+Hauser: FieldPort SFP50 Memory Corruption in Bluetooth Controller Firmware - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2022-006/"
      },
      {
        "category": "self",
        "summary": "VDE-2022-006: Endress+Hauser: FieldPort SFP50 Memory Corruption in Bluetooth Controller Firmware - CSAF",
        "url": "https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-006.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.endress.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Endress+Hauser AG",
        "url": "https://certvde.com/en/advisories/vendor/endress-hauser/"
      }
    ],
    "title": "Endress+Hauser: FieldPort SFP50 Memory Corruption in Bluetooth Controller Firmware",
    "tracking": {
      "aliases": [
        "VDE-2022-006"
      ],
      "current_release_date": "2022-03-24T10:48:00.000Z",
      "generator": {
        "date": "2025-04-28T08:42:41.132Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.24"
        }
      },
      "id": "VDE-2022-006",
      "initial_release_date": "2022-03-24T10:48:00.000Z",
      "revision_history": [
        {
          "date": "2022-03-24T10:48:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "FieldPort SFP50 (mobiLink)",
                "product": {
                  "name": "FieldPort SFP50 (mobiLink)",
                  "product_id": "CSAFPID-11001",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SFP50-*"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT50",
                "product": {
                  "name": "mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT50",
                  "product_id": "CSAFPID-11002",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SMT50-*MH"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70",
                "product": {
                  "name": "mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70",
                  "product_id": "CSAFPID-11003",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SMT70-*MH",
                      "SMT70-*+MH"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77",
                "product": {
                  "name": "mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77",
                  "product_id": "CSAFPID-11004",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SMT77-*+MH",
                      "SMT77-*MH"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT70",
                "product": {
                  "name": "mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT70",
                  "product_id": "CSAFPID-11005",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SMT70-*MJ",
                      "SMT70-*+MJ"
                    ]
                  }
                }
              },
              {
                "category": "product_name",
                "name": "mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT77",
                "product": {
                  "name": "mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT77",
                  "product_id": "CSAFPID-11006",
                  "product_identification_helper": {
                    "model_numbers": [
                      "SMT77-*+MJ",
                      "SMT77-*MJ"
                    ]
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.31\u003c=1.40",
                "product": {
                  "name": "Firmware 1.31\u003c=1.40",
                  "product_id": "CSAFPID-21001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Endress+Hauser"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.31\u003c=1.40 installed on FieldPort SFP50 (mobiLink)",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.31\u003c=1.40 installed on mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT50",
          "product_id": "CSAFPID-31002"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.31\u003c=1.40 installed on mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70",
          "product_id": "CSAFPID-31003"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.31\u003c=1.40 installed on mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70",
          "product_id": "CSAFPID-31004"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.31\u003c=1.40 installed on mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77",
          "product_id": "CSAFPID-31005"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Firmware 1.31\u003c=1.40 installed on mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77",
          "product_id": "CSAFPID-31006"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-35093",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Endress+Hauser recommends using the FieldPort SFP50 only in secure environment and to allow access tothe devices only to authorized persons.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix planned from chip supplier.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006"
          ]
        }
      ],
      "title": "CVE-2021-35093"
    }
  ]
}

