Summary
A vulnerability was discovered in several Endress+Hauser products that can be accessed via ethernet.
Impact
This vulnerability allows a remote unauthenticated attacker to modify the IP address of the
product through the SopasET interface, potentially leading to Denial of Service. There are currently no
known public exploits specifically targeting this vulnerability.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| FLPS | All Firmware versions | |
| GM32 | All Firmware versions | |
| GMS800 | All Firmware versions | |
| GMS800 FIDOR | All Firmware versions | |
| MARSIC200 | All Firmware versions | |
| MARSIC280 | All Firmware versions | |
| MARSIC300 | All Firmware versions | |
| MCS100FT | All Firmware versions | |
| MCS200HW | All Firmware versions | |
| MCS300P | All Firmware versions | |
| MCU ETH-Service and Modbus-TCP Module | All Firmware versions | |
| MERCEM300Z | All Firmware versions | |
| MES1B B&B Converter | All Firmware versions | |
| SAM800 | All Firmware versions | |
| SIPROCESS | All Firmware versions | |
| VICOTEC320 | All Firmware versions |
Vulnerabilities
Expand / Collapse allA vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.
Mitigation
Restrict device access to trusted and authorized entities only. Apply the general security measures during product operation to mitigate the identified security risk.
Refer to the ICS‑CERT Recommended Practices for Industrial Security for additional guidance.
Remediation
No remediation available.
Acknowledgments
Endress+Hauser AG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 16.07.2026 12:00 | Initial version |