| Article No. | Product Name | Affected Version(s) |
|---|---|---|
| SFE100 | DeviceCare | <= 1.07.03 |
| | DTM for Cerabar / 5xB/7xB / HART | <= 1.67.0.805 |
| | DTM for CLD18 / CI / CDI | <= 1.2.0.0 |
| | DTM for CM14 / CC / CDI | <= 1.2.0.0 |
| | DTM for CM14 / CI / CDI | <= 1.2.0.0 |
| | DTM for CM14 / DO / CDI | <= 1.2.0.0 |
| | DTM for CM14 / pH / CDI | <= 1.2.0.0 |
| | DTM for Deltabar / 5xB/7xB / HART | <= 1.67.0.805 |
| | DTM for Display / RID1x / CDI | <= 1.1.1.400 |
| | DTM for Dosimag / 5BH / CDI | <= 1.4.0.64 |
| | DTM for Dosimag / 5BH / MR4 | <= 1.4.1.78 |
| | DTM for Dosimass / 8BE / CDI | <= 1.4.0.112 |
| | DTM for Dosimass / 8BE / MR4 | <= 1.4.1.121 |
| | DTM for Ecograph T / RSG35 / CDI | <= 2.4.0.0 |
| | DTM for EngyCal / RH33 / CDI | <= 1.7.0.5 |
| | DTM for EngyCal / RS33 / CDI | <= 1.1.6.3352 |
| | DTM for Fieldgate / SFG500 / Profibus | <= 1.10.00 |
| | DTM for FXA195 / HART | <= 1.0.57 |
| | DTM for Gammapilot 5x / FMG50 / HART | <= 1.43.0.1953 |
| | DTM for iTEMP / TMT142B / HART | <= 3.1.4.795 |
| | DTM for iTEMP / TMT162 / HART | <= 1.13.132.5451 |
| | DTM for iTEMP / TMT71 / CDI | <= 1.13.18.5253 |
| | DTM for iTEMP / TMT72 / HART | <= 1.13.258.2304 |
| | DTM for iTEMP / TMT82 / HART | <= 1.10.423.4213 |
| | DTM for iTEMP / TMT82 / HART | <= 1.11.480.5368 |
| | DTM for Levelflex / FMP5x / FF | <= 1.11.0.1471 |
| | DTM for Levelflex / FMP 5x / HART | <= 1.10.1.2369 |
| | DTM for Levelflex / FMP 5x / PA | <= 1.11.0.1017 |
| | DTM for Liquiline CA80xx / CDI | <= 1.0.22.0 |
| | DTM for Liquiline / CA80xx / DP | <= 1.11.0.0 |
| | DTM for Liquiline / CM442 / CDI | <= 1.0.22.0 |
| | DTM for Liquiline CM44x / CDI | <= 1.0.22.0 |
| | DTM for Liquiline / CM44x / DP | <= 1.11.0.0 |
| | DTM for Liquiline Compact / CM82 / HART | <= 1.2.0.796 |
| | DTM for Liquiline Cond / CM42 / FF | <= 2.4.0.22 |
| | DTM for Liquiline Cond / CM42 / HART | <= 2.4.0.22 |
| | DTM for Liquiline Cond / CM42 / PA | <= 2.4.0.22 |
| | DTM for Liquiline Oxygen / CM42 / FF | <= 2.4.0.22 |
| | DTM for Liquiline Oxygen / CM42 / HART | <= 2.4.0.22 |
| | DTM for Liquiline Oxygen / CM42 / PA | <= 2.4.0.22 |
| | DTM for Liquiline pHORP / CM42 / FF | <= 2.4.0.22 |
| | DTM for Liquiline pHORP / CM42 / HART | <= 2.4.0.22 |
| | DTM for Liquiline pHORP / CM42 / PA | <= 2.4.0.22 |
| | DTM for Liquistation / CSF22 / CDI | <= 1.0.22.0 |
| | DTM for Liquistation / CSF48 / CDI | <= 1.0.22.0 |
| | DTM for Liquistation CSFxx / CDI | <= 1.0.22.0 |
| | DTM for Liquistation / CSFxx / DP | <= 1.11.0.0 |
| | DTM for Memograph M / RSG45 / CDI | <= 2.4.0.0 |
| | DTM for Micropilot / FMR20 / HART | <= 1.9.0.358 |
| | DTM for Micropilot / FMR5x / FF | <= 1.11.0.745 |
| | DTM for Micropilot / FMR5x / HART | <= 1.10.0.913 |
| | DTM for Micropilot / FMR5x / PA | <= 1.11.0.375 |
| | DTM for Micropilot / FMR6x / HART | <= 1.10.0.807 |
| | DTM for Promag 100 / 5x1B / DP | <= 1.7.0.86 |
| | DTM for Promag 100 / 5x1B / EIP | <= 1.6.0.175 |
| | DTM for Promag 100 / 5x1B / EIP-CDIE | <= 1.5.0.174 |
| | DTM for Promag 100 / 5x1B / HART | <= 1.3.0.201 |
| | DTM for Promag 100 / 5x1B / MR4 | <= 1.4.1.354 |
| | DTM for Promag 100 / 5x1B / MR4-CDIS | <= 1.4.1.354 |
| | DTM for Promag 100 / 5x1B / PNIO-CDIE | <= 1.6.0.37 |
| | DTM for Promag 10 / 5xBB / HART | <= 1.76.0.184 |
| | DTM for Promag 10 / 5xBB / HART-CDIS | <= 1.76.0.184 |
| | DTM for Promag 10 / 5xBB / MR4 | <= 1.76.0.159 |
| | DTM for Promag 10 / 5xBB / MR4-CDIS | <= 1.76.0.159 |
| | DTM for Promag 200 / 5x2B / FF | <= 1.6.0.73 |
| | DTM for Promag 200 / 5x2B / HART | <= 1.5.0.219 |
| | DTM for Promag 200 / 5x2B / PA | <= 1.7.0.57 |
| | DTM for Promag 300 500 / 5x3x 5x5x / DP | <= 1.11.0.65 |
| | DTM for Promag 300 500 / 5x3x 5x5x / EIP | <= 1.10.0.59 |
| | DTM for Promag 300 500 / 5x3x 5x5x / EIP-CDIE | <= 1.10.0.59 |
| | DTM for Promag 300 500 / 5x3x 5x5x / FF | <= 1.9.0.122 |
| | DTM for Promag 300 500 / 5x3x 5x5x / HART | <= 1.39.0.285 |
| | DTM for Promag 300 500 / 5x3x 5x5x / MR4 | <= 1.39.0.230 |
| | DTM for Promag 300 500 / 5x3x 5x5x / MR4-CDIE | <= 1.39.0.230 |
| | DTM for Promag 300 500 / 5x3x 5x5x / PA | <= 1.11.0.104 |
| | DTM for Promag 300 500 / 5x3x 5x5x / PA | <= 1.12.0.161 |
| | DTM for Promag 300 500 / 5x3x 5x5x / PN-CDIE | <= 1.39.0.136 |
| | DTM for Promag 400 / 5x4Bxx / HART | <= 1.0.0.349 |
| | DTM for Promag 400 / 5x4C / DP | <= 1.8.0.58 |
| | DTM for Promag 400 / 5x4C / EIP | <= 1.8.0.101 |
| | DTM for Promag 400 / 5x4C / EIP | <= 1.3.0.84 |
| | DTM for Promag 400 / 5x4C / HART | <= 1.3.0.132 |
| | DTM for Promag 400 / 5x4C / HART | <= 1.39.0.276 |
| | DTM for Promag 400 / 5x4C / MR4 | <= 1.39.0.191 |
| | DTM for Promag 400 / 5x4C / MR4-CDIE | <= 1.5.0.59 |
| | DTM for Promag 400 / 5x4C / MR4-CDIE | <= 1.10.0.148 |
| | DTM for Promag 400 / 5x4Cxx / HART | <= 1.0.0.32 |
| | DTM for Promass 100 / 8x1B / DP | <= 1.7.0.141 |
| | DTM for Promass 100 / 8x1B / EIP | <= 1.6.0.463 |
| | DTM for Promass 100 / 8x1B / EIP-CDIE | <= 1.5.0.463 |
| | DTM for Promass 100 / 8x1B / HART | <= 1.4.0.282 |
| | DTM for Promass 100 / 8x1B / MB | <= 1.4.1.519 |
| | DTM for Promass 100 / 8x1B / PNIO-CDIE | <= 1.6.0.70 |
| | DTM for Promass 100 / 8x1Bxx / MB | <= 1.0.0.0 |
| | DTM for Promass 100 / 8x1Bxx / MB | <= 1.4.0.513 |
| | DTM for Promass 100 / 8x1Bxx / MR4 | <= 1.2.0.476 |
| | DTM for Promass 10 / 8xBB / HART | <= 1.76.0.271 |
| | DTM for Promass 10 / 8xBB / HART-CDIS | <= 1.76.0.271 |
| | DTM for Promass 10 / 8xBB / MR4 | <= 1.76.0.158 |
| | DTM for Promass 10 / 8xBB / MR4-CDIS | <= 1.76.0.158 |
| | DTM for Promass 200 / 8x2B / FF | <= 1.3.0.150 |
| | DTM for Promass 200 / 8x2B / HART | <= 1.5.0.1133 |
| | DTM for Promass 200 / 8x2B / PA | <= 1.7.0.236 |
| | DTM for Promass 300 500 / 8x3x 8x5x / DP | <= 1.11.0.93 |
| | DTM for Promass 300 500 / 8x3x 8x5x / EIP | <= 1.10.0.94 |
| | DTM for Promass 300 500 / 8x3x 8x5x / EIP-CDIE | <= 1.10.0.94 |
| | DTM for Promass 300 500 / 8x3x 8x5x / FF | <= 1.9.0.197 |
| | DTM for Promass 300 500 / 8x3x 8x5x / HART | <= 1.39.0.646 |
| | DTM for Promass 300 500 / 8x3x 8x5x / MR4 | <= 1.39.0.289 |
| | DTM for Promass 300 500 / 8x3x 8x5x / MR4-CDIE | <= 1.39.0.289 |
| | DTM for Promass 300 500 / 8x3x 8x5x / PA | <= 1.12.0.193 |
| | DTM for Promass 300 500 / 8x3x 8x5x / PN-CDIE | <= 1.39.0.222 |
| | DTM for Proservo / NMS8x / HART | <= 1.9.2.887 |
| | DTM for Prosonic Flow 100 / 9E1B / CDI | <= 1.10.0.172 |
| | DTM for Prosonic Flow 100 / 9E1B / HART | <= 1.10.0.151 |
| | DTM for Prosonic Flow 300 500 / 9x3x 9x5x / HART | <= 1.45.0.327 |
| | DTM for Prosonic Flow 300 500 / 9x3x 9x5x / MR4 | <= 1.45.0.128 |
| | DTM for Prosonic Flow 300 500 / 9x3x 9x5x / MR4-CDIE | <= 1.38.0.88 |
| | DTM for Prosonic Flow 300 500 / 9x3x 9x5x / MR4-CDIE | <= 1.45.0.128 |
| | DTM for Prosonic Flow B 200 / 9B2B / HART | <= 1.6.0.800 |
| | DTM for Prothermo / NMT8x / HART | <= 1.73.0.317 |
| | DTM for Prowirl 200 / 7x2B / FF | <= 1.11.0.174 |
| | DTM for Prowirl 200 / 7x2B / HART | <= 1.12.0.537 |
| | DTM for Prowirl 200 / 7x2Bxx / PA | <= 1.11.0.135 |
| | DTM for RA33 / CDI | <= 1.1.6.3352 |
| | DTM for Tank Gauging Radar / NMR8x / HART | <= 1.9.2.799 |
| | DTM for Tank Side Monitor / NRF8x / HART | <= 1.9.2.669 |
| | DTM for t-mass 150 / 6xABxx / HART | <= 1.0.0.162 |
| | DTM for t-mass 150 L T 150 / 6xAB / HART | <= 1.2.0.42 |
| | DTM for t-mass 300 500 / 6x3B 6x5B / HART | <= 1.45.0.280 |
| | DTM for t-mass 300 500 / 6x3B 6x5B / MR4 | <= 1.45.0.127 |
| | DTM for t-mass 300 500 / 6x3B 6x5B / MR4-CDIE | <= 1.45.0.127 |
| | DTM for TrustSens / TM371-TM372 / HART | <= 1.11.301.4871 |
| | DTM library for SWA50 | <= 1.0.2.4 |
| | DTM library for SWA70 | <= 1.0.2.4 |
| | DTM library for SWG70 / WirelessHART | <= 1.0.2.4 |
| SFE500 | FieldCare | <= 2.15.01 |
| SMT50 | Field Xpert | <= 1.05.03 |
| SMT70 | Field Xpert | <= 1.05.03 |
| SMT77 | Field Xpert | <= 1.05.03 |
| | HoP DTM | <= 1.0.2 |
| | iDTM FF | <= 2.00.289 |
| | iDTM HART | <= 2.00.289 |
| | IO-Link IODD Interpreter DTM | <= 3.12.0 |
| | OPC Server for SWG70 | <= 1.00.01 |
| | OPC UA Connectivity Server | <= 1.3.7817 |

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
To exploit the vulnerability, the access rights of an authorized user or admin are required.
The impact of the vulnerability on the affected products may result in
The CVSS environmental score is specific to the customer's environment and should therefore be individually assessed by the customer to accomplish final scoring.
The original CVE refers to a network access scenario. With our products, it is a local access scenario. For this reason, the risk of exploiting this vulnerability is reduced.
Mitigation
Make sure that no unauthorized access to the production environment is possible.
Avoid using the above listed software with Windows administrator privileges if other users with lower privileges have access to the same software installation.
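
A defensive check for the log4net configuration files described above, as an added example that is not part of the original advisory or of any Endress+Hauser tooling: it lists DTD and entity declarations found in configuration files so they can be reviewed, without resolving any entity. The file suffixes, the `log4net` byte filter and the sample strings are assumptions made for this example.

```python
from pathlib import Path
from xml.parsers import expat

# Constructed sample inputs (not taken from any affected product).
CLEAN = '<log4net><root><level value="INFO"/></root></log4net>'
SUSPECT = (
    '<!DOCTYPE log4net [<!ENTITY ext SYSTEM "http://example.invalid/placeholder">]>'
    '<log4net><root><level value="INFO"/></root></log4net>'
)


def audit_config(xml_data):
    """Return (kind, name, system_id) findings for DTD/entity declarations."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        kind = "external-dtd" if (system_id or public_id) else "doctype"
        findings.append((kind, name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if value is None:  # external entity: system_id names what would be loaded
            kind = "external-parameter-entity" if is_param else "external-entity"
        else:
            kind = "internal-entity"
        findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # No ExternalEntityRefHandler is set, so this parser never fetches an entity.
    try:
        parser.Parse(xml_data, True)
    except expat.ExpatError as exc:
        findings.append(("parse-error", str(exc), None))
    return findings


def scan_tree(root, suffixes=(".config", ".xml")):
    """Map each log4net-looking file under root to its non-empty findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        data = path.read_bytes()
        if b"log4net" not in data:  # assumption: cheap filter, misses UTF-16 files
            continue
        hits = audit_config(data)
        if hits:
            report[str(path)] = hits
    return report
```

A log4net configuration normally needs no `<!DOCTYPE>` at all, so any finding in a file that lower-privileged users can write to is worth reviewing together with that file's permissions.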
Remediation
Endress+Hauser has provided the following updates with remediation of the vulnerability:
Further updates are currently not planned by Endress+Hauser.
CodeWrights GmbH reported this vulnerability to ENDRESS+HAUSER.
CERT@VDE coordinated with ENDRESS+HAUSER.