VDE-2019-004

Vulnerability from csaf_pepperlfuchsse - Published: 2019-03-14 07:52 - Updated: 2019-03-14 07:52
Summary
Pepperl+Fuchs: ecom Mobile Devices prone to BlueBorne Attack
Notes
Summary: A collection of Bluetooth attack vectors was discovered, and the related vulnerabilities, known as "BlueBorne", were disclosed. These vulnerabilities collectively endanger, amongst others, Windows, Linux and mobile operating systems like Android or iOS. An unauthenticated attacker may take control of devices and perform commands or access sensitive data.
Impact: An unauthenticated, remote attacker may be able to obtain private information about the device or user, execute arbitrary code on the device or perform a virtually invisible Man-in-the-middle (MitM) attack.
Remediation: Customers using affected Pepperl+Fuchs / ecom instruments products are recommended to update the device. For released firmware updates see table below.

| Product         | Date    | Update Source    |
|-----------------|---------|------------------|
| CT50-Ex Android | 09/2017 | FOTA-Update      |
| CT50-Ex Windows | 10/2017 | Microsoft Update |
| Pad-Ex 01       | 09/2017 | Microsoft Update |
| Smart-Ex 01     | 09/2018 | FOTA-Update      |
| Smart-Ex 201    | 10/2018 | FOTA-Update      |

In case there is no update available, users should consider the following workaround:

Deactivation of Bluetooth on the device
Unused or not needed Bluetooth should be switched off / disabled on affected devices.

A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Vendor Fix: identical to the Remediation note above.

An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Vendor Fix: identical to the Remediation note above.

A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Vendor Fix: identical to the Remediation note above.

An information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Vendor Fix: identical to the Remediation note above.

Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability".

Vendor Fix: identical to the Remediation note above.
Acknowledgments
CERT@VDE (certvde.com)
Armis: Ben Seri, Gregory Vishnepolsky

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      },
      {
        "names": [
          "Ben Seri",
          "Gregory Vishnepolsky"
        ],
        "organization": "Armis"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-GB",
    "notes": [
      {
        "category": "summary",
        "text": "A collection of Bluetooth attack vectors were discovered and related vulnerabilities known as \"BlueBorne\" were disclosed. These vulnerabilities collectively endanger amongst others Windows, Linux and mobile operating systems like Android or IOS. An unauthenticated attacker may take control of devices and perform commands or access sensitive data.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "An unauthenticated, remote attacker may be able to obtain private information about the device or user, execute arbitrary code on the device or perform a virtually invisible Man-in-the-middle (MitM) attack.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Customers using affected Pepperl+Fuchs / ecom instruments products are recommended to update the device. \n\nFor released firmware updates see table below.\n\n| Product             | Date      | Update Source       |\n|---------------------|-----------|----------------------|\n| CT50-Ex Android     | 09/2017   | FOTA-Update          |\n| CT50-Ex Windows     | 10/2017   | Microsoft Update     |\n| Pad-Ex 01           | 09/2017   | Microsoft Update     |\n| Smart-Ex 01         | 09/2018   | FOTA-Update          |\n| Smart-Ex 201        | 10/2018   | FOTA-Update          |\n\nIn case\u00a0there is no update available, users should consider the following workaround:\n\nDeactivation of Bluetooth on the device\nUnused or not needed Bluetooth should be switched off / disabled on affected devices.",
        "title": "Remediation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "cert@pepperl-fuchs.com",
      "name": "Pepperl+Fuchs SE",
      "namespace": "https://www.pepperl-fuchs.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "VDE-2019-004: Pepperl+Fuchs: ecom Mobile Devices prone to BlueBorne Attack - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2019-004/"
      },
      {
        "category": "self",
        "summary": "VDE-2019-004: Pepperl+Fuchs: ecom Mobile Devices prone to BlueBorne Attack - CSAF",
        "url": "https://pepperl-fuchs.csaf-tp.certvde.com/.well-known/csaf/white/2019/vde-2019-004.json"
      },
      {
        "category": "external",
        "summary": "Vendor PSIRT",
        "url": "https://www.pepperl-fuchs.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Pepperl+Fuchs SE",
        "url": "https://certvde.com/en/advisories/vendor/pepperl-fuchs/"
      }
    ],
    "title": "Pepperl+Fuchs: ecom Mobile Devices prone to BlueBorne Attack",
    "tracking": {
      "aliases": [
        "VDE-2019-004"
      ],
      "current_release_date": "2019-03-14T07:52:00.000Z",
      "generator": {
        "date": "2025-06-05T07:49:43.843Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.27"
        }
      },
      "id": "VDE-2019-004",
      "initial_release_date": "2019-03-14T07:52:00.000Z",
      "revision_history": [
        {
          "date": "2019-03-14T07:52:00.000Z",
          "number": "1",
          "summary": "Initial revision."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "CT50-Ex vers:all/*",
                      "product_id": "CSAFPID-11001"
                    }
                  }
                ],
                "category": "product_name",
                "name": "CT50-Ex"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Cx70-Ex vers:all/*",
                      "product_id": "CSAFPID-11002"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Cx70-Ex"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Ex-Handy 09 vers:all/*",
                      "product_id": "CSAFPID-11003"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Ex-Handy 09"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Ex-Handy 209 vers:all/*",
                      "product_id": "CSAFPID-11004"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Ex-Handy 209"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "i.roc Ci70-Ex vers:all/*",
                      "product_id": "CSAFPID-11005"
                    }
                  }
                ],
                "category": "product_name",
                "name": "i.roc Ci70-Ex"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Pad-Ex 01 vers:all/*",
                      "product_id": "CSAFPID-11006"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Pad-Ex 01"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Smart-Ex 01 vers:all/*",
                      "product_id": "CSAFPID-11007"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Smart-Ex 01"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Smart-Ex 201 vers:all/*",
                      "product_id": "CSAFPID-11008"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Smart-Ex 201"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "Tab-Ex 01 vers:all/*",
                      "product_id": "CSAFPID-11009"
                    }
                  }
                ],
                "category": "product_name",
                "name": "Tab-Ex 01"
              }
            ],
            "category": "product_family",
            "name": "Software"
          }
        ],
        "category": "vendor",
        "name": "Pepperl+Fuchs"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003",
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006",
          "CSAFPID-11007",
          "CSAFPID-11008",
          "CSAFPID-11009"
        ],
        "summary": "Affected products."
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-0781",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003",
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006",
          "CSAFPID-11007",
          "CSAFPID-11008",
          "CSAFPID-11009"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers using affected Pepperl+Fuchs / ecom instruments products are recommended to update the device. \n\nFor released firmware updates see table below.\n\n| Product             | Date      | Update Source       |\n|---------------------|-----------|----------------------|\n| CT50-Ex Android     | 09/2017   | FOTA-Update          |\n| CT50-Ex Windows     | 10/2017   | Microsoft Update     |\n| Pad-Ex 01           | 09/2017   | Microsoft Update     |\n| Smart-Ex 01         | 09/2018   | FOTA-Update          |\n| Smart-Ex 201        | 10/2018   | FOTA-Update          |\n\nIn case\u00a0there is no update available, users should consider the following workaround:\n\nDeactivation of Bluetooth on the device\nUnused or not needed Bluetooth should be switched off / disabled on affected devices.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003",
            "CSAFPID-11004",
            "CSAFPID-11005",
            "CSAFPID-11006",
            "CSAFPID-11007",
            "CSAFPID-11008",
            "CSAFPID-11009"
          ]
        }
      ],
      "title": "CVE-2017-0781"
    },
    {
      "cve": "CVE-2017-0785",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003",
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006",
          "CSAFPID-11007",
          "CSAFPID-11008",
          "CSAFPID-11009"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers using affected Pepperl+Fuchs / ecom instruments products are recommended to update the device. \n\nFor released firmware updates see table below.\n\n| Product             | Date      | Update Source       |\n|---------------------|-----------|----------------------|\n| CT50-Ex Android     | 09/2017   | FOTA-Update          |\n| CT50-Ex Windows     | 10/2017   | Microsoft Update     |\n| Pad-Ex 01           | 09/2017   | Microsoft Update     |\n| Smart-Ex 01         | 09/2018   | FOTA-Update          |\n| Smart-Ex 201        | 10/2018   | FOTA-Update          |\n\nIn case\u00a0there is no update available, users should consider the following workaround:\n\nDeactivation of Bluetooth on the device\nUnused or not needed Bluetooth should be switched off / disabled on affected devices.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003",
            "CSAFPID-11004",
            "CSAFPID-11005",
            "CSAFPID-11006",
            "CSAFPID-11007",
            "CSAFPID-11008",
            "CSAFPID-11009"
          ]
        }
      ],
      "title": "CVE-2017-0785"
    },
    {
      "cve": "CVE-2017-0782",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003",
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006",
          "CSAFPID-11007",
          "CSAFPID-11008",
          "CSAFPID-11009"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers using affected Pepperl+Fuchs / ecom instruments products are recommended to update the device. \n\nFor released firmware updates see table below.\n\n| Product             | Date      | Update Source       |\n|---------------------|-----------|----------------------|\n| CT50-Ex Android     | 09/2017   | FOTA-Update          |\n| CT50-Ex Windows     | 10/2017   | Microsoft Update     |\n| Pad-Ex 01           | 09/2017   | Microsoft Update     |\n| Smart-Ex 01         | 09/2018   | FOTA-Update          |\n| Smart-Ex 201        | 10/2018   | FOTA-Update          |\n\nIn case\u00a0there is no update available, users should consider the following workaround:\n\nDeactivation of Bluetooth on the device\nUnused or not needed Bluetooth should be switched off / disabled on affected devices.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003",
            "CSAFPID-11004",
            "CSAFPID-11005",
            "CSAFPID-11006",
            "CSAFPID-11007",
            "CSAFPID-11008",
            "CSAFPID-11009"
          ]
        }
      ],
      "title": "CVE-2017-0782"
    },
    {
      "cve": "CVE-2017-0783",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "description",
          "text": "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003",
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006",
          "CSAFPID-11007",
          "CSAFPID-11008",
          "CSAFPID-11009"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers using affected Pepperl+Fuchs / ecom instruments products are recommended to update the device. \n\nFor released firmware updates see table below.\n\n| Product             | Date      | Update Source       |\n|---------------------|-----------|----------------------|\n| CT50-Ex Android     | 09/2017   | FOTA-Update          |\n| CT50-Ex Windows     | 10/2017   | Microsoft Update     |\n| Pad-Ex 01           | 09/2017   | Microsoft Update     |\n| Smart-Ex 01         | 09/2018   | FOTA-Update          |\n| Smart-Ex 201        | 10/2018   | FOTA-Update          |\n\nIn case\u00a0there is no update available, users should consider the following workaround:\n\nDeactivation of Bluetooth on the device\nUnused or not needed Bluetooth should be switched off / disabled on affected devices.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.5,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.5,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003",
            "CSAFPID-11004",
            "CSAFPID-11005",
            "CSAFPID-11006",
            "CSAFPID-11007",
            "CSAFPID-11008",
            "CSAFPID-11009"
          ]
        }
      ],
      "title": "CVE-2017-0783"
    },
    {
      "cve": "CVE-2017-8628",
      "notes": [
        {
          "category": "description",
          "text": "Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft\u0027s implementation of the Bluetooth stack, aka \"Microsoft Bluetooth Driver Spoofing Vulnerability\".",
          "title": "Vulnerability Description"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-11001",
          "CSAFPID-11002",
          "CSAFPID-11003",
          "CSAFPID-11004",
          "CSAFPID-11005",
          "CSAFPID-11006",
          "CSAFPID-11007",
          "CSAFPID-11008",
          "CSAFPID-11009"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Customers using affected Pepperl+Fuchs / ecom instruments products are recommended to update the device. \n\nFor released firmware updates see table below.\n\n| Product             | Date      | Update Source       |\n|---------------------|-----------|----------------------|\n| CT50-Ex Android     | 09/2017   | FOTA-Update          |\n| CT50-Ex Windows     | 10/2017   | Microsoft Update     |\n| Pad-Ex 01           | 09/2017   | Microsoft Update     |\n| Smart-Ex 01         | 09/2018   | FOTA-Update          |\n| Smart-Ex 201        | 10/2018   | FOTA-Update          |\n\nIn case\u00a0there is no update available, users should consider the following workaround:\n\nDeactivation of Bluetooth on the device\nUnused or not needed Bluetooth should be switched off / disabled on affected devices.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 6.8,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-11001",
            "CSAFPID-11002",
            "CSAFPID-11003",
            "CSAFPID-11004",
            "CSAFPID-11005",
            "CSAFPID-11006",
            "CSAFPID-11007",
            "CSAFPID-11008",
            "CSAFPID-11009"
          ]
        }
      ],
      "title": "CVE-2017-8628"
    }
  ]
}

