
    4 vulnerabilities by Auma

    CVE-2025-41657 (GCVE-0-2025-41657)

    Vulnerability from nvd – Published: 2025-06-10 10:46 – Updated: 2025-06-10 14:25
    VLAI
    Title
    AUMA: Incorrect delivery status of the Bluetooth configuration
    Summary
    Due to an undocumented active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025, fingerprinting is possible by an unauthenticated adjacent attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-207 - Observable Behavioral Discrepancy With Equivalent Products
    Assigner
    References
    Impacted products
    Vendor Product Version
    Auma AC1.2 Affected: 01.01.2024 , < 09.05.2025 (semver)
    Auma PROFOX Affected: 01.01.2024 , < 09.05.2025 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41657",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T14:25:31.913039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T14:25:52.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AC1.2",
              "vendor": "Auma",
              "versions": [
                {
                  "lessThan": "09.05.2025",
                  "status": "affected",
                  "version": "01.01.2024",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PROFOX",
              "vendor": "Auma",
              "versions": [
                {
                  "lessThan": "09.05.2025",
                  "status": "affected",
                  "version": "01.01.2024",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker."
                }
              ],
              "value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-207",
                  "description": "CWE-207 Observable Behavioral Discrepancy With Equivalent Products",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T10:46:30.034Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-047"
            }
          ],
          "source": {
            "advisory": "VDE-2025-047",
            "defect": [
              "CERT@VDE#641788"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "AUMA: Incorrect delivery status of the Bluetooth configuration",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41657",
        "datePublished": "2025-06-10T10:46:30.034Z",
        "dateReserved": "2025-04-16T11:17:48.306Z",
        "dateUpdated": "2025-06-10T14:25:52.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3496 (GCVE-0-2025-3496)

    Vulnerability from nvd – Published: 2025-05-12 08:01 – Updated: 2025-05-16 09:00
    VLAI
    Title
    AUMA Riester: Buffer overflow in service telegram
    Summary
    An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Auma Riester AC1.2 Affected: 06.00.00 , < 06.09.04 (semver)
    Auma Riester MEC 03.01 Affected: 0 , < 01.02.00 (semver)
    Auma Riester PROFOX Affected: 0 , < 01-01.10.00 (semver)
    Auma Riester SGx/SVx Affected: 03.00.00 , < 03.05.01 (semver)
    Auma Riester TIGRON Affected: 0 , < 01-01.09.00 (semver)
    Auma Riester TIGRON SIL Affected: 0 , < 02-01.01.00 (semver)
    Credits
    Dennis Schaefer from ONEKEY GmbH

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T14:30:11.496582Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T14:32:49.221Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AC1.2",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "06.09.04",
                  "status": "affected",
                  "version": "06.00.00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MEC 03.01",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "01.02.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PROFOX",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "01-01.10.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SGx/SVx",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "03.05.01",
                  "status": "affected",
                  "version": "03.00.00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TIGRON",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "01-01.09.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TIGRON SIL",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "02-01.01.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dennis Schaefer from ONEKEY GmbH"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface."
                }
              ],
              "value": "An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-16T09:00:16.307Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2025-026"
            }
          ],
          "source": {
            "advisory": "VDE-2025-026",
            "defect": [
              "CERT@VDE#641760"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "AUMA Riester: Buffer overflow in service telegram",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3496",
        "datePublished": "2025-05-12T08:01:57.671Z",
        "dateReserved": "2025-04-10T08:26:28.797Z",
        "dateUpdated": "2025-05-16T09:00:16.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-41657 (GCVE-0-2025-41657)

    Vulnerability from cvelistv5 – Published: 2025-06-10 10:46 – Updated: 2025-06-10 14:25
    VLAI
    Title
    AUMA: Incorrect delivery status of the Bluetooth configuration
    Summary
    Due to an undocumented active Bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025, fingerprinting is possible by an unauthenticated adjacent attacker.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-207 - Observable Behavioral Discrepancy With Equivalent Products
    Assigner
    References
    Impacted products
    Vendor Product Version
    Auma AC1.2 Affected: 01.01.2024 , < 09.05.2025 (semver)
    Auma PROFOX Affected: 01.01.2024 , < 09.05.2025 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-41657",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-10T14:25:31.913039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-10T14:25:52.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AC1.2",
              "vendor": "Auma",
              "versions": [
                {
                  "lessThan": "09.05.2025",
                  "status": "affected",
                  "version": "01.01.2024",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PROFOX",
              "vendor": "Auma",
              "versions": [
                {
                  "lessThan": "09.05.2025",
                  "status": "affected",
                  "version": "01.01.2024",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker."
                }
              ],
              "value": "Due to an undocumented active bluetooth stack on products delivered within the period 01.01.2024 to 09.05.2025 fingerprinting is possible by an unauthenticated adjacent attacker."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-207",
                  "description": "CWE-207 Observable Behavioral Discrepancy With Equivalent Products",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-10T10:46:30.034Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://certvde.com/en/advisories/VDE-2025-047"
            }
          ],
          "source": {
            "advisory": "VDE-2025-047",
            "defect": [
              "CERT@VDE#641788"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "AUMA: Incorrect delivery status of the Bluetooth configuration",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-41657",
        "datePublished": "2025-06-10T10:46:30.034Z",
        "dateReserved": "2025-04-16T11:17:48.306Z",
        "dateUpdated": "2025-06-10T14:25:52.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-3496 (GCVE-0-2025-3496)

    Vulnerability from cvelistv5 – Published: 2025-05-12 08:01 – Updated: 2025-05-16 09:00
    VLAI
    Title
    AUMA Riester: Buffer overflow in service telegram
    Summary
    An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Auma Riester AC1.2 Affected: 06.00.00 , < 06.09.04 (semver)
    Auma Riester MEC 03.01 Affected: 0 , < 01.02.00 (semver)
    Auma Riester PROFOX Affected: 0 , < 01-01.10.00 (semver)
    Auma Riester SGx/SVx Affected: 03.00.00 , < 03.05.01 (semver)
    Auma Riester TIGRON Affected: 0 , < 01-01.09.00 (semver)
    Auma Riester TIGRON SIL Affected: 0 , < 02-01.01.00 (semver)
    Credits
    Dennis Schaefer from ONEKEY GmbH

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-3496",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-12T14:30:11.496582Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-12T14:32:49.221Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "AC1.2",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "06.09.04",
                  "status": "affected",
                  "version": "06.00.00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MEC 03.01",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "01.02.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PROFOX",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "01-01.10.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SGx/SVx",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "03.05.01",
                  "status": "affected",
                  "version": "03.00.00",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TIGRON",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "01-01.09.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TIGRON SIL",
              "vendor": "Auma Riester",
              "versions": [
                {
                  "lessThan": "02-01.01.00",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Dennis Schaefer from ONEKEY GmbH"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface."
                }
              ],
              "value": "An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-16T09:00:16.307Z",
            "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
            "shortName": "CERTVDE"
          },
          "references": [
            {
              "url": "https://cert.vde.com/en/advisories/VDE-2025-026"
            }
          ],
          "source": {
            "advisory": "VDE-2025-026",
            "defect": [
              "CERT@VDE#641760"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "AUMA Riester: Buffer overflow in service telegram",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "assignerShortName": "CERTVDE",
        "cveId": "CVE-2025-3496",
        "datePublished": "2025-05-12T08:01:57.671Z",
        "dateReserved": "2025-04-10T08:26:28.797Z",
        "dateUpdated": "2025-05-16T09:00:16.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }