VDE-2022-021
Last update
05/22/2025 15:03
Published at
05/16/2022 16:00
Vendor(s)
Pepperl+Fuchs SE
External ID
VDE-2022-021
CSAF Document
Summary
Critical vulnerabilities have been discovered in the utilized Bluetooth component.
For more information see: https://kb.cert.org/vuls/id/799380
Impact
Pepperl+Fuchs analyzed and identified affected devices.
An unauthorized attacker could gain access to the audio communication and listen to the conversation via Bluetooth.
This attack can only be carried out at close range and is limited by the radio range of Bluetooth.
The impact of the vulnerabilities on the affected device may result in
information disclosure
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| RSM-EX01B product Family | Firmware vers:all/* |
Vulnerabilities
Expand / Collapse all
Published
09/22/2025 14:57
Severity
Weakness
Improper Restriction of Excessive Authentication Attempts (CWE-307)
References
Remediation
The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.
This can be used to detect an unauthenticated connection.
Revision History
| Version | Date | Summary |
|---|---|---|
| 1 | 05/16/2022 16:00 | initial revision |
| 2 | 05/22/2025 15:03 | Fix: quotation mark |