Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities

VDE-2025-107

Last update

12/05/2025 12:00

Published at

12/05/2025 12:00

Vendor(s)

Endress+Hauser AG

External ID

VDE-2025-107

CSAF Document

Download

Summary

Multiple vulnerabilities in a Qualcomm component have been reported in a closed-source report. This component is an integral part of the radio chip found in several Endress+Hauser products.

Impact

Due to the closed-source nature of the report, the impact remains uncertain. In the worst-case scenario, this could lead to a loss of availability, integrity, and confidentiality.

In the case of the Liquiline Edge Module EMR, integrity and confidentiality are not affected due to the system architecture. The TLS connection to the Netilion cloud is fully managed by the integrated Linux system, which ensures end-to-end encryption. The Qualcomm radio chip is only used to transmit already encrypted data over the mobile network. Nevertheless, a complete loss of availability is still possible.

Affected Product(s)

Model no.	Product name	Affected versions
CYY7	Endress+Hauser Liquiline Edge Module EMR	Firmware <01.02.00
5W8C	Endress+Hauser Promag W 800	Firmware <01.00.08

Vulnerabilities

Expand / Collapse all

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Incorrect Calculation of Buffer Size (CWE-131)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Validation of Array Index (CWE-129)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Validation of Array Index (CWE-129)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Incorrect Calculation of Buffer Size (CWE-131)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Integer Underflow (Wrap or Wraparound) (CWE-191)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Improper Input Validation (CWE-20)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Improper Input Validation (CWE-20)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Weakness

Improper Input Validation (CWE-20)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weakness

Improper Access Control (CWE-284)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Validation of Array Index (CWE-129)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Input Validation (CWE-20)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Input Validation (CWE-20)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Incorrect Type Conversion or Cast (CWE-704)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Input Validation (CWE-20)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Access Control (CWE-284)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Double Free (CWE-415)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Out-of-bounds Write (CWE-787)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Validation of Array Index (CWE-129)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Improper Validation of Array Index (CWE-129)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

NULL Pointer Dereference (CWE-476)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

NULL Pointer Dereference (CWE-476)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

NULL Pointer Dereference (CWE-476)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness

Use of Uninitialized Resource (CWE-908)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

NULL Pointer Dereference (CWE-476)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

NULL Pointer Dereference (CWE-476)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Reachable Assertion (CWE-617)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Reachable Assertion (CWE-617)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Divide By Zero (CWE-369)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Reachable Assertion (CWE-617)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness

Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness

Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness

Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness

Improper Input Validation (CWE-20)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness

Integer Overflow or Wraparound (CWE-190)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness

Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness

Incomplete Cleanup (CWE-459)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness

Observable Discrepancy (CWE-203)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Weakness

Observable Discrepancy (CWE-203)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weakness

NULL Pointer Dereference (CWE-476)

References

cve.org | nvd.nist.gov

Published

01/20/2026 08:54

Severity

5.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L

Weakness

Out-of-bounds Read (CWE-125)

References

cve.org | nvd.nist.gov

Mitigation

If a firmware update is no longer possible, it is recommended to replace the device.

Remediation

Endress+Hauser has released an updated firmware for the affected device that includes a security patch for the radio chip to address this vulnerability. Customers are encouraged to update their devices to the latest firmware version as soon as possible. For assistance, please contact your local Endress+Hauser service center.

Acknowledgments

Endress+Hauser AG thanks the following parties for their efforts:

CERT@VDE for coordination (see https://certvde.com )

Revision History

Version	Date	Summary
1.0.0	12/05/2025 12:00	Initial version

Endress+Hauser: Multiple products affected by Qualcomm vulnerabilities

Summary

Impact

Affected Product(s)

Vulnerabilities

CVE-2022-33259 9.8

CVE-2022-33211 9.8

CVE-2022-25740 9.8

CVE-2022-25729 9.8

CVE-2022-25678 9.8

CVE-2020-3686 9.8

CVE-2020-11170 9.8

CVE-2019-2320 9.8

CVE-2019-2303 9.8

CVE-2019-14062 9.8

CVE-2019-10612 9.8

CVE-2019-10609 9.8

CVE-2019-10586 9.8

CVE-2019-10516 9.8

CVE-2019-10511 9.8

CVE-2019-10500 9.8

CVE-2019-10487 9.8

CVE-2020-3670 9.1

CVE-2020-3634 9.1

CVE-2020-11190 9.1

CVE-2020-11189 9.1

CVE-2020-11188 9.1

CVE-2020-11171 9.1

CVE-2020-11166 9.1

CVE-2020-11144 9.1

CVE-2019-14033 9.1

CVE-2019-14020 9.1

CVE-2019-14019 9.1

CVE-2019-14011 9.1

CVE-2019-10577 9.1

CVE-2019-10554 9.1

CVE-2019-10553 9.1

CVE-2019-10552 9.1

CVE-2020-11269 8.8

CVE-2020-11177 8.8

CVE-2022-25698 8.4

CVE-2022-25697 8.4

CVE-2022-25695 8.4

CVE-2023-21625 8.2

CVE-2022-33235 8.2

CVE-2022-33229 8.2

CVE-2022-33228 8.2

CVE-2022-33222 8.2

CVE-2022-25747 8.2

CVE-2022-25738 8.2

CVE-2022-25732 8.2

CVE-2022-25730 8.2

CVE-2022-25728 8.2

CVE-2022-25726 8.2

CVE-2020-11251 8.2

CVE-2020-11191 8.2

CVE-2020-3624 7.8

CVE-2020-3622 7.8

CVE-2020-11204 7.8

CVE-2020-11178 7.8

CVE-2019-14094 7.8

CVE-2019-14077 7.8

CVE-2019-14076 7.8

CVE-2019-14074 7.8

CVE-2019-14071 7.8

CVE-2019-14066 7.8

CVE-2019-14065 7.8

CVE-2019-14056 7.8

CVE-2019-14050 7.8

CVE-2019-14030 7.8

CVE-2019-14015 7.8

CVE-2019-14000 7.8

CVE-2019-13999 7.8

CVE-2019-13998 7.8

CVE-2019-13995 7.8

CVE-2019-13994 7.8

CVE-2019-10628 7.8

CVE-2019-10615 7.8

CVE-2019-10527 7.8

CVE-2022-33304 7.5