VDE-2026-045

Vulnerability from csaf_endresshauserag - Published: 2026-07-16 10:00 - Updated: 2026-07-16 10:00
Summary
Endress+Hauser: Multiple products affected by SopasET interface vulnerability
Severity
High
Notes
Summary: A vulnerability was discovered in several Endress+Hauser products that can be accessed via ethernet.
Impact: This vulnerability allows a remote unauthenticated attacker to modify the IP address of the product through the SopasET interface, potentially leading to Denial of Service. There are currently no known public exploits specifically targeting this vulnerability.
Mitigation: Restrict device access to trusted and authorized entities only. Apply the general security measures during product operation to mitigate the identified security risk. Refer to the ICS‑CERT Recommended Practices for Industrial Security for additional guidance.
Remediation: No remediation available.
General Recommendation: Endress+Hauser recommends operating these solutions in a secure environment and restricting access to components to authorized personnel only.

A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.

CWE-306 - Missing Authentication for Critical Function
Mitigation Restrict device access to trusted and authorized entities only. Apply the general security measures during product operation to mitigate the identified security risk. Refer to the ICS‑CERT Recommended Practices for Industrial Security for additional guidance.
No Fix Planned There is no fix planned
Affected products
Product Identifier Version Remediation
Unresolved product id: CSAFPID-31001
Unresolved product id: CSAFPID-31002
Unresolved product id: CSAFPID-31003
Unresolved product id: CSAFPID-31004
Unresolved product id: CSAFPID-31005
Unresolved product id: CSAFPID-31006
Unresolved product id: CSAFPID-31007
Unresolved product id: CSAFPID-31008
Unresolved product id: CSAFPID-31009
Unresolved product id: CSAFPID-31010
Unresolved product id: CSAFPID-31011
Unresolved product id: CSAFPID-31012
Unresolved product id: CSAFPID-31013
Unresolved product id: CSAFPID-31014
Unresolved product id: CSAFPID-31015
Unresolved product id: CSAFPID-31016
Acknowledgments
CERT@VDE certvde.com

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination ",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "high"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability was discovered in several Endress+Hauser products that can be accessed via ethernet.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "This vulnerability allows a remote unauthenticated attacker to modify the IP address of the\nproduct through the SopasET interface, potentially leading to Denial of Service. There are currently no\nknown public exploits specifically targeting this vulnerability.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "Restrict device access to trusted and authorized entities only. Apply the general security measures during product operation to mitigate the identified security risk. \nRefer to the ICS\u2011CERT Recommended Practices for Industrial Security for additional guidance.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "No remediation available.",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "Endress+Hauser recommends operating these solutions in a secure environment and restricting access to components to authorized personnel only.",
        "title": "General Recommendation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@endress.com",
      "name": "Endress+Hauser AG",
      "namespace": "https://www.endress.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Endress+Hauser",
        "url": "https://www.endress.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Endress+Hauser",
        "url": "https://certvde.com/en/advisories/vendor/endress+hauser"
      },
      {
        "category": "self",
        "summary": "VDE-2026-045: Endress+Hauser: Multiple products affected by SopasET interface vulnerability - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-045"
      },
      {
        "category": "self",
        "summary": "VDE-2026-045: Endress+Hauser: Multiple products affected by SopasET interface vulnerability - CSAF",
        "url": "https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-045.json"
      },
      {
        "category": "external",
        "summary": "ICS\u2011CERT Recommended Practices for Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices."
      }
    ],
    "title": "Endress+Hauser: Multiple products affected by SopasET interface vulnerability",
    "tracking": {
      "aliases": [
        "VDE-2026-045"
      ],
      "current_release_date": "2026-07-16T10:00:00.000Z",
      "generator": {
        "date": "2026-07-08T06:37:17.048Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "VDE-2026-045",
      "initial_release_date": "2026-07-16T10:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-07-16T10:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "MARSIC200",
                    "product": {
                      "name": "MARSIC200",
                      "product_id": "CSAFPID-11001",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:marsic200:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "MARSIC280",
                    "product": {
                      "name": "MARSIC280",
                      "product_id": "CSAFPID-11002",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:marsic280:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "MARSIC300",
                    "product": {
                      "name": "MARSIC300",
                      "product_id": "CSAFPID-11003",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:marsic300:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "MCS100FT",
                    "product": {
                      "name": "MCS100FT ",
                      "product_id": "CSAFPID-11004",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:mcs100ft:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "MCS200HW",
                    "product": {
                      "name": "MCS200HW",
                      "product_id": "CSAFPID-11005",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:mcs200hw:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "MCS300P",
                    "product": {
                      "name": "MCS300P",
                      "product_id": "CSAFPID-11006",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:mcs300p:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "MERCEM300Z",
                    "product": {
                      "name": "MERCEM300Z",
                      "product_id": "CSAFPID-11007",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:mercem300z:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "SAM800",
                    "product": {
                      "name": "SAM800",
                      "product_id": "CSAFPID-11008",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:sam800:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "SIPROCESS",
                    "product": {
                      "name": "SIPROCESS",
                      "product_id": "CSAFPID-11009",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:siprocess:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "GMS800",
                    "product": {
                      "name": "GMS800",
                      "product_id": "CSAFPID-11010",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:gms800:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "GMS800 FIDOR",
                    "product": {
                      "name": "GMS800 FIDOR",
                      "product_id": "CSAFPID-11011",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:gms800_fidor:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "GM32",
                    "product": {
                      "name": "GM32",
                      "product_id": "CSAFPID-11012",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:gm32:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "VICOTEC320",
                    "product": {
                      "name": "VICOTEC320",
                      "product_id": "CSAFPID-11013",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:vicotec320:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "MCU ETH-Service and Modbus-TCP Module",
                    "product": {
                      "name": "MCU ETH-Service and Modbus-TCP Module",
                      "product_id": "CSAFPID-11014",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:mcu_eth_service_and_modbus_tcp_module:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "FLPS",
                    "product": {
                      "name": "FLPS",
                      "product_id": "CSAFPID-11015",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:flps:*:*:*:*:*:*:*:*"
                      }
                    }
                  },
                  {
                    "category": "product_name",
                    "name": "MES1B B\u0026B Converter",
                    "product": {
                      "name": "MES1B B\u0026B Converter",
                      "product_id": "CSAFPID-11016",
                      "product_identification_helper": {
                        "cpe": "cpe:2.3:h:endress_hauser:mes1b_b_and_b_converter:*:*:*:*:*:*:*:*"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "Extractive Analyzer"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "All Firmware versions",
                  "product_id": "CSAFPID-21001",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:endress_hauser:firmware_all:*:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Endress+Hauser"
      }
    ],
    "product_groups": [
      {
        "group_id": "CSAFGID-0001",
        "product_ids": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016"
        ],
        "summary": "Affected products."
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MARSIC200",
          "product_id": "CSAFPID-31001",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:marsic200_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MARSIC280",
          "product_id": "CSAFPID-31002",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:marsic280_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MARSIC300",
          "product_id": "CSAFPID-31003",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:marsic300_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MCS100FT",
          "product_id": "CSAFPID-31004",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:mcs100ft_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MCS200HW",
          "product_id": "CSAFPID-31005",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:mcs200hw_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MCS300P",
          "product_id": "CSAFPID-31006",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:mcs300p_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MERCEM300Z",
          "product_id": "CSAFPID-31007",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:mercem300z_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on SAM800",
          "product_id": "CSAFPID-31008",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:sam800_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on SIPROCESS",
          "product_id": "CSAFPID-31009",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:siprocess_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on GMS800",
          "product_id": "CSAFPID-31010",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:gms800_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on GMS800 FIDOR",
          "product_id": "CSAFPID-31011",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:gms800_fidor_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on GM32",
          "product_id": "CSAFPID-31012",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:gm32_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on VICOTEC320",
          "product_id": "CSAFPID-31013",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:vicotec320_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11013"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MCU ETH-Service and Modbus-TCP Module",
          "product_id": "CSAFPID-31014",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:mcu_eth_service_and_modbus_tcp_module_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11014"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on FLPS",
          "product_id": "CSAFPID-31015",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:flps_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11015"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "All Firmware versions installed on MES1B B\u0026B Converter",
          "product_id": "CSAFPID-31016",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress_hauser:mes1b_b_and_b_converter_firmware:*:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11016"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8751",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product\u2019s IP address over Sopas ET. This can lead to Denial of Service. Users are recommended to upgrade both MSC800 and MSC800 LFT to version V4.26 and S2.93.20 respectively which fixes this issue.",
          "title": "CVE Description"
        },
        {
          "audience": "all",
          "category": "details",
          "text": "A vulnerability allows a remote unauthenticated attacker to modify the product\u0027s IP address via the SOPAS ET interface, which can lead to a denial-of-service condition.",
          "title": "Vulnerability Details "
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-31001",
          "CSAFPID-31002",
          "CSAFPID-31003",
          "CSAFPID-31004",
          "CSAFPID-31005",
          "CSAFPID-31006",
          "CSAFPID-31007",
          "CSAFPID-31008",
          "CSAFPID-31009",
          "CSAFPID-31010",
          "CSAFPID-31011",
          "CSAFPID-31012",
          "CSAFPID-31013",
          "CSAFPID-31014",
          "CSAFPID-31015",
          "CSAFPID-31016"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Restrict device access to trusted and authorized entities only. Apply the general security measures during product operation to mitigate the identified security risk. \nRefer to the ICS\u2011CERT Recommended Practices for Industrial Security for additional guidance.",
          "group_ids": [
            "CSAFGID-0001"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "There is no fix planned",
          "group_ids": [
            "CSAFGID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalScore": 7.5,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001",
            "CSAFPID-31002",
            "CSAFPID-31003",
            "CSAFPID-31004",
            "CSAFPID-31005",
            "CSAFPID-31006",
            "CSAFPID-31007",
            "CSAFPID-31008",
            "CSAFPID-31009",
            "CSAFPID-31010",
            "CSAFPID-31011",
            "CSAFPID-31012",
            "CSAFPID-31013",
            "CSAFPID-31014",
            "CSAFPID-31015",
            "CSAFPID-31016"
          ]
        }
      ],
      "title": "Vulnerability in SICK MSC800"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…