Summary
Vulnerable components expose sensitive information to unauthorized actors through an unsecured configuration interface. Vulnerable firmware releases contain an unsecured configuration interface that allows retrieval of sensitive information such as hashed credentials.
It was found that users with no or low rights can access information from devices that should not be available to them.
An attacker can use this information to impersonate authorized users.
Impact
An unauthenticated attacker can obtain sensitive information, potentially enabling authenticated device modification.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| CVE Reference Score | ||
| PS21.???????H? | VEGAPULS 21 Two-wire 4_20 mA/HART | Firmware < 1.2.3 |
| PS31.???????H? | VEGAPULS 31 Two-wire 4_20 mA/HART | Firmware < 1.2.3 |
| PS42.???????????? | VEGAPULS 42 Three-wire IO-Link, Transistor, 4_20 mA | Firmware < 1.2.1 |
| PS6X.2???????????I???????? | VEGAPULS 6X Four-wire 4_20 mA/HART; 9.6_48 V DC; 20_42 V AC | Firmware < 1.3.2, Firmware >= 1.4.0 and < 1.4.1 |
| PS6X.2???????????B???????? | VEGAPULS 6X Four-wire 4_20 mA/HART; 90_253 V AC; 50/60 Hz | Firmware < 1.3.2, Firmware >= 1.4.0 and < 1.4.1 |
| PS6X.2???????????W???????? | VEGAPULS 6X Four-wire Modbus | Firmware = 1.4.0, Firmware < 1.3.2 |
| PS6X.????????????H???????? | VEGAPULS 6X Two-wire 4_20 mA/HART | Firmware >= 1.4.0 and < 1.4.1, Firmware < 1.3.2 |
| PS6X.2???????????9???????? | VEGAPULS 6X Two-wire 4_20 mA/HART plus second current output 4_20 mA | Firmware < 1.3.2, Firmware >= 1.4.0 and < 1.4.1 |
| PS6X.2???????????A???????? | VEGAPULS 6X Two-wire 4_20 mA/HART with overvoltage protection (Not for Ex Zone 0, 20; not for Div 1) | Firmware < 1.3.2, Firmware >= 1.4.0 and < 1.4.1 |
| PS6X.2???????????X???????? | VEGAPULS 6X Two-wire EtherNet/IP, Modbus TCP, OPC UA (Ethernet-APL) | Firmware < 1.1.1 |
| PS6X.2???????????P???????? | VEGAPULS 6X Two-wire Profibus PA | Firmware < 1.0.1 |
| PSC21.???????W? | VEGAPULS C 21 Four-wire Modbus | Firmware < 1.2.2 |
| PSC21.???????H? | VEGAPULS C 21 Two-wire 4_20 mA/HART | Firmware < 1.2.3 |
| PSC22.???????W? | VEGAPULS C 22 Four-wire Modbus | Firmware < 1.2.2 |
| PSC22.???????H? | VEGAPULS C 22 Two-wire 4_20 mA/HART | Firmware < 1.2.3 |
| PSC23.???????W? | VEGAPULS C 23 Four-wire Modbus | Firmware < 1.2.2 |
| PSC23.???????H? | VEGAPULS C 23 Two-wire 4_20 mA/HART | Firmware < 1.2.3 |
Vulnerabilities
Expand / Collapse allAn unsecured configuration interface on the affected devices allows an authenticated attacker with adjacent access (with Bluetooth) to gain sensitive information like hashed credentials and access codes.
Mitigation
Implement access controls for physical interfaces to prevent unauthorized access.
Remediation
Update to the fixed firmware versions listed in this advisory. Rotate any credentials used on affected devices as they may have been compromised. Contact VEGA Support if emergency code rotation is necessary based on your risk assessment.
Acknowledgments
VEGA Grieshaber KG thanks the following parties for their efforts:
- CERT@VDE for coordination (see https://certvde.com )
- Product Security Unit at VEGA Grieshaber KG for reporting (see https://www.vega.com )
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 05/04/2026 08:00 | Initial Release |
| 1.0.1 | 05/04/2026 11:00 | Updated Title |