| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| SFP50-* | FieldPort SFP50 (mobiLink) | 1.31 <= 1.40 |
| SMT50-*MH | mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT50 | 1.31 <= 1.40 |
| SMT70-*MH | mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70 | 1.31 <= 1.40 |
| SMT70-*+MH | mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT70 | 1.31 <= 1.40 |
| SMT77-*MH | mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77 | 1.31 <= 1.40 |
| SMT77-*+MH | mobiLink Bluetooth and USB modem in bundle with Field Xpert SMT77 | 1.31 <= 1.40 |
| SMT70-*MJ | mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT70 | 1.31 <= 1.40 |
| SMT70-*+MJ | mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT70 | 1.31 <= 1.40 |
| SMT77-*MJ | mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT77 | 1.31 <= 1.40 |
| SMT77-*+MJ | mobiLink BT and USB modem CN+KR in bundle with Field Xpert SMT77 | 1.31 <= 1.40 |
Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service.
Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service in BlueCore
Please consult the CVE entry above.
Mitigation
Endress+Hauser recommends using the FieldPort SFP50 only in secure environment and to allow access to
the devices only to authorized persons.
Remediation
Currently no fix planned from chip supplier.
CERT@VDE coordinated with Endress+Hauser