VDE-2022-021
Vulnerability from csaf_pepperlfuchsse - Published: 2022-05-16 14:00 - Updated: 2025-05-22 13:03Summary
Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities
Notes
Summary: Critical vulnerabilities have been discovered in the utilized Bluetooth component.
For more information see: https://kb.cert.org/vuls/id/799380
Impact: Pepperl+Fuchs analyzed and identified affected devices.
An unauthorized attacker could gain access to the audio communication and listen to the conversation via Bluetooth.
This attack can only be carried out at close range and is limited by the radio range of Bluetooth.
The impact of the vulnerabilities on the affected device may result in
information disclosure
Remediation: The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.
This can be used to detect an unauthenticated connection.
8.8 (High)
Vendor Fix
The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.
This can be used to detect an unauthenticated connection.
8.1 (High)
Vendor Fix
The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.
This can be used to detect an unauthenticated connection.
7.5 (High)
Vendor Fix
The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.
This can be used to detect an unauthenticated connection.
7.5 (High)
Vendor Fix
The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.
This can be used to detect an unauthenticated connection.
5.4 (Medium)
Vendor Fix
The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.
This can be used to detect an unauthenticated connection.
4.2 (Medium)
Vendor Fix
The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.
This can be used to detect an unauthenticated connection.
References
Acknowledgments
CERTVDE
certvde.com
Pepperl+Fuchs SE
www.pepperl-fuchs.com
{
"document": {
"acknowledgments": [
{
"organization": "CERTVDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
},
{
"organization": "Pepperl+Fuchs SE",
"summary": "reporting",
"urls": [
"https://www.pepperl-fuchs.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Critical vulnerabilities have been discovered in the utilized Bluetooth component.\nFor more information see: https://kb.cert.org/vuls/id/799380",
"title": "Summary"
},
{
"category": "description",
"text": "Pepperl+Fuchs analyzed and identified affected devices.\n\nAn unauthorized attacker could gain access to the audio communication and listen to the conversation via Bluetooth.\nThis attack can only be carried out at close range and is limited by the radio range of Bluetooth.\n\nThe impact of the vulnerabilities on the affected device may result in\n\ninformation disclosure",
"title": "Impact"
},
{
"category": "description",
"text": "The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.\nThis can be used to detect an unauthenticated connection.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "cert@pepperl-fuchs.com",
"name": "Pepperl+Fuchs SE",
"namespace": "https://www.pepperl-fuchs.com"
},
"references": [
{
"category": "self",
"summary": "VDE-2022-021: Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities - HTML",
"url": "https://certvde.com/de/advisories/VDE-2022-021/"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Pepperl+Fuchs SE",
"url": "https://certvde.com/en/advisories/vendor/pepperl-fuchs/"
},
{
"category": "self",
"summary": "VDE-2022-021: Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities - CSAF",
"url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-021.json"
}
],
"title": "Pepperl+Fuchs: RSM-EX devices - Multiple Bluetooth vulnerabilities",
"tracking": {
"aliases": [
"VDE-2022-021"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-05-05T08:28:30.224Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.24"
}
},
"id": "VDE-2022-021",
"initial_release_date": "2022-05-16T14:00:00.000Z",
"revision_history": [
{
"date": "2022-05-16T14:00:00.000Z",
"number": "1",
"summary": "initial revision"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RSM-EX01B product Family",
"product": {
"name": "RSM-EX01B product Family",
"product_id": "CSAFPID-11001"
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Firmware vers:all/*",
"product_id": "CSAFPID-21001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Pepperl+Fuchs SE"
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware allversions installed on RSM-EX01B product Family",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-26559",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner\u0027s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue."
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.\nThis can be used to detect an unauthenticated connection.",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2020-26559"
},
{
"cve": "CVE-2020-26560",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey."
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.\nThis can be used to detect an unauthenticated connection.",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2020-26560"
},
{
"cve": "CVE-2020-26557",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time)."
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.\nThis can be used to detect an unauthenticated connection.",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2020-26557"
},
{
"cve": "CVE-2020-26556",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "summary",
"text": "Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment."
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.\nThis can be used to detect an unauthenticated connection.",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2020-26556"
},
{
"cve": "CVE-2020-26555",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.\nThis can be used to detect an unauthenticated connection.",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.4,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.4,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2020-26555"
},
{
"cve": "CVE-2020-26558",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time."
}
],
"product_status": {
"known_affected": [
"CSAFPID-31001"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "The device will play a confirmation sound when a Bluetooth connection is successfully established and a status LED labeled BT indicates that a Bluetooth connection is active.\nThis can be used to detect an unauthenticated connection.",
"product_ids": [
"CSAFPID-31001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.2,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001"
]
}
],
"title": "CVE-2020-26558"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…