Endress+Hauser: FieldPort SFP50 Memory Corruption in Bluetooth Controller Firmware

VDE-2022-006
Last update
03/24/2022 11:48
Published at
03/24/2022 11:48
Vendor(s)
Endress+Hauser AG
External ID
VDE-2022-006

Summary

Memory corruption is possible in the BT controller when it receives an oversized LMP packet over a 2-DH1 link, leading to denial of service.

Impact

Please consult the CVE entry above.

Affected Product(s)

| Model no. | Product name | Affected versions |
| --- | --- | --- |
| SFP50-* | FieldPort SFP50 (mobiLink) | Firmware 1.31<=1.40 |
| SMT70-*MJ, SMT70-*+MJ | mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT70 | Firmware 1.31<=1.40 |
| SMT77-*+MJ, SMT77-*MJ | mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT77 | Firmware 1.31<=1.40 |
| SMT50-*MH | mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT50 | Firmware 1.31<=1.40 |
| SMT70-*MH, SMT70-*+MH | mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70 | Firmware 1.31<=1.40 |
| SMT77-*+MH, SMT77-*MH | mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77 | Firmware 1.31<=1.40 |

Vulnerabilities

Published
09/24/2025 12:42
Weakness
Out-of-bounds Write (CWE-787)
Summary

Possible memory corruption in the BT controller when it receives an oversized LMP packet over a 2-DH1 link, leading to denial of service in BlueCore.
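
Added example (not Endress+Hauser or chip-supplier code): the kind of receive-side length check that prevents the out-of-bounds write described above. It assumes a hypothetical receive slot sized for a valid LMP PDU; the struct, function names and status codes are illustrative, and the 17- and 54-byte limits are the DM1 and 2-DH1 payload maxima from the Bluetooth Core Specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Payload maxima from the Bluetooth Core Specification: an LMP PDU fits in
 * a DM1 payload (17 bytes); a 2-DH1 packet can carry up to 54 bytes. */
#define LMP_PDU_MAX  17u
#define PKT_2DH1_MAX 54u

/* Hypothetical controller-side receive slot, sized for a valid LMP PDU. */
struct lmp_rx_slot {
    uint8_t pdu[LMP_PDU_MAX];
    uint8_t len;
    uint8_t canary[4];            /* stands in for adjacent controller state */
};

enum lmp_rx_status { LMP_RX_OK = 0, LMP_RX_EMPTY = -1, LMP_RX_OVERSIZED = -2 };

/* Validate the received payload length before copying. The length is set by
 * the remote device, so it is untrusted whichever packet type carried it;
 * an oversized PDU is dropped, never truncated and parsed. */
enum lmp_rx_status lmp_rx_store(struct lmp_rx_slot *slot,
                                const uint8_t *payload, size_t payload_len)
{
    if (payload_len == 0)
        return LMP_RX_EMPTY;
    if (payload_len > sizeof slot->pdu)
        return LMP_RX_OVERSIZED;
    memcpy(slot->pdu, payload, payload_len);
    slot->len = (uint8_t)payload_len;
    return LMP_RX_OK;
}

/* Constructed self-check: a maximum-size 2-DH1 payload must be rejected and
 * the bytes after the PDU buffer must stay untouched. Returns 1 on success. */
int lmp_rx_selfcheck(void)
{
    struct lmp_rx_slot slot;
    uint8_t frame[PKT_2DH1_MAX];
    memset(&slot, 0, sizeof slot);
    memset(slot.canary, 0xA5, sizeof slot.canary);
    memset(frame, 0x41, sizeof frame);

    if (lmp_rx_store(&slot, frame, sizeof frame) != LMP_RX_OVERSIZED) return 0;
    if (lmp_rx_store(&slot, frame, LMP_PDU_MAX) != LMP_RX_OK) return 0;
    for (size_t i = 0; i < sizeof slot.canary; i++)
        if (slot.canary[i] != 0xA5) return 0;
    return slot.len == LMP_PDU_MAX;
}
```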

References

Mitigation

Endress+Hauser recommends using the FieldPort SFP50 only in a secure environment and allowing access to the devices only to authorized persons.

Remediation

Currently no fix is planned by the chip supplier.

Acknowledgments

Endress+Hauser AG thanks the following parties for their efforts:

Revision History

| Version | Date | Summary |
| --- | --- | --- |
| 1 | 03/24/2022 11:48 | Initial revision. |