Back to overview

Endress+Hauser: Multiple products affected by SopasET interface vulnerability

VDE-2026-045
Last update
07/16/2026 12:00
Published at
07/16/2026 12:00
Vendor(s)
Endress+Hauser AG
External ID
VDE-2026-045
CSAF Document

Summary

A vulnerability was discovered in several Endress+Hauser products that can be accessed via ethernet.

Impact

This vulnerability allows a remote unauthenticated attacker to modify the IP address of the
product through the SopasET interface, potentially leading to Denial of Service. There are currently no
known public exploits specifically targeting this vulnerability.

Affected Product(s)

Model no. Product name Affected versions
FLPS All Firmware versions
GM32 All Firmware versions
GMS800 All Firmware versions
GMS800 FIDOR All Firmware versions
MARSIC200 All Firmware versions
MARSIC280 All Firmware versions
MARSIC300 All Firmware versions
MCS100FT All Firmware versions
MCS200HW All Firmware versions
MCS300P All Firmware versions
MCU ETH-Service and Modbus-TCP Module All Firmware versions
MERCEM300Z All Firmware versions
MES1B B&B Converter All Firmware versions
SAM800 All Firmware versions
SIPROCESS All Firmware versions
VICOTEC320 All Firmware versions

Vulnerabilities

Expand / Collapse all

Published
07/16/2026 09:15
Weakness
Missing Authentication for Critical Function (CWE-306)
Summary

A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.

References

Mitigation

Restrict device access to trusted and authorized entities only. Apply the general security measures during product operation to mitigate the identified security risk.
Refer to the ICS‑CERT Recommended Practices for Industrial Security for additional guidance.

Remediation

No remediation available.

Acknowledgments

Endress+Hauser AG thanks the following parties for their efforts:

Revision History

Version Date Summary
1.0.0 07/16/2026 12:00 Initial version