VDE-2026-032

Vulnerability from csaf_endresshauserag - Published: 2026-04-21 07:00 - Updated: 2026-04-21 07:00
Summary
Endress+Hauser: sudo vulnerability affects Endress+Hauser MCS200HW
Severity
Critical
Notes
Summary: The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability.
Impact: If exploited, this vulnerability could potentially allow an unauthenticated attacker to compromise the availability, integrity, and confidentiality of the Endress+Hauser MCS200HW.
Mitigation: As a temporary mitigation measure, both system and network access to the affected functionality should be strictly restricted. Access should be limited to authorized personnel only, and exposure to external or untrusted networks should be minimized or fully blocked until an update of the display firmware has been completed.
Remediation: Endress+Hauser has released updated firmware versions that address this vulnerability. The display unit's firmware versions below 4.3.4 are affected. To address the vulnerability, customers are strongly recommended to update the display unit of their devices to firmware version 4.3.4. Endress+Hauser will include this firmware version in the MCS200HW products starting with version 1.11.5.6R. Alternatively, customers can contact Endress+Hauser directly to obtain the updated display firmware, or download the original firmware - including update instructions - from the Phoenix Contact website referenced below. Customers are strongly advised to upgrade to the latest fixed version. For assistance, please contact your local Endress+Hauser service center.
General Recommendation: Endress+Hauser recommends operating these solutions in a secure environment and restricting access to components to authorized personnel only.
CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Vendor Fix The display unit's firmware versions below 4.3.4 are affected. To address the vulnerability, customers are strongly recommended to update the display unit of their devices to firmware version 4.3.4. Endress+Hauser will include this firmware version in the MCS200HW products starting with version 1.11.5.6R. Alternatively, customers can contact Endress+Hauser directly to obtain the updated display firmware, or download the original firmware - including update instructions - from the Phoenix Contact website referenced below.
Mitigation As a temporary mitigation measure, both system and network access to the affected functionality should be strictly restricted. Access should be limited to authorized personnel only, and exposure to external or untrusted networks should be minimized or fully blocked until an update of the display firmware has been completed.
References
Acknowledgments
CERT@VDE certvde.com
To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "organization": "CERT@VDE",
        "summary": "coordination",
        "urls": [
          "https://certvde.com"
        ]
      }
    ],
    "aggregate_severity": {
      "namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability.",
        "title": "Summary"
      },
      {
        "category": "description",
        "text": "If exploited, this vulnerability could potentially allow an unauthenticated attacker to compromise the availability, integrity, and confidentiality of the Endress+Hauser MCS200HW.",
        "title": "Impact"
      },
      {
        "category": "description",
        "text": "As a temporary mitigation measure, both system and network access to the affected functionality should be strictly restricted. Access should be limited to authorized personnel only, and exposure to external or untrusted networks should be minimized or fully blocked until an update of the display firmware has been completed.",
        "title": "Mitigation"
      },
      {
        "category": "description",
        "text": "Endress+Hauser has released updated firmware versions that address this vulnerability.  \nThe display unit\u0027s firmware versions below 4.3.4 are affected. To address the vulnerability,\ncustomers are strongly recommended to update the display unit of their devices to firmware version\n4.3.4.\nEndress+Hauser will include this firmware version in the MCS200HW products starting with version\n1.11.5.6R.\nAlternatively, customers can contact Endress+Hauser directly to obtain the updated display firmware,\nor download the original firmware - including update instructions - from the Phoenix Contact website\nreferenced below.\nCustomers are strongly advised to upgrade to the latest fixed version. For assistance, please contact your local Endress+Hauser service center.",
        "title": "Remediation"
      },
      {
        "category": "general",
        "text": "Endress+Hauser recommends operating these solutions in a secure environment and restricting access to components to authorized personnel only.",
        "title": "General Recommendation"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@endress.com",
      "name": "Endress+Hauser AG",
      "namespace": "https://www.endress.com"
    },
    "references": [
      {
        "category": "external",
        "summary": "Endress+Hauser",
        "url": "https://www.endress.com"
      },
      {
        "category": "external",
        "summary": "CERT@VDE Security Advisories for Endress+Hauser",
        "url": "https://certvde.com/en/advisories/vendor/endress+hauser"
      },
      {
        "category": "self",
        "summary": "VDE-2026-032: Endress+Hauser: sudo vulnerability affects Endress+Hauser MCS200HW - HTML",
        "url": "https://certvde.com/en/advisories/VDE-2026-032"
      },
      {
        "category": "self",
        "summary": "VDE-2026-032: Endress+Hauser: Sudo vulnerability affects Endress+Hauser MCS200HW - CSAF",
        "url": "https://endress-hauser.csaf-tp.certvde.com/.well-known/csaf/white/2026/vde-2026-032.json"
      },
      {
        "category": "external",
        "summary": "Standalone display firmware, update procedure and further details",
        "url": "https://www.phoenixcontact.com/de-de/produkte/touch-panel-wp-6121-wxps-1290802"
      }
    ],
    "title": "Endress+Hauser: sudo vulnerability affects Endress+Hauser MCS200HW",
    "tracking": {
      "aliases": [
        "VDE-2026-032"
      ],
      "current_release_date": "2026-04-21T07:00:00.000Z",
      "generator": {
        "date": "2026-04-21T07:50:11.925Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.44"
        }
      },
      "id": "VDE-2026-032",
      "initial_release_date": "2026-04-21T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-04-21T07:00:00.000Z",
          "number": "1.0.0",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "branches": [
                      {
                        "category": "product_version_range",
                        "name": "vers:all/*",
                        "product": {
                          "name": "Endress+Hauser MCS200HW all versions",
                          "product_id": "CSAFPID-11001",
                          "product_identification_helper": {
                            "cpe": "cpe:2.3:h:endress_hauser:mcs200hw:*:*:*:*:*:*:*:*"
                          }
                        }
                      }
                    ],
                    "category": "product_name",
                    "name": "MCS200HW"
                  }
                ],
                "category": "product_family",
                "name": "Extractive Analyzer"
              }
            ],
            "category": "product_family",
            "name": "Hardware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:generic/\u003c1.11.5.6R",
                "product": {
                  "name": "Firmware \u003c1.11.5.6R",
                  "product_id": "CSAFPID-21001"
                }
              },
              {
                "category": "product_version",
                "name": "1.11.5.6R",
                "product": {
                  "name": "Firmware 1.11.5.6R",
                  "product_id": "CSAFPID-22001"
                }
              }
            ],
            "category": "product_family",
            "name": "Firmware"
          }
        ],
        "category": "vendor",
        "name": "Endress+Hauser"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MCS200HW with firmware \u003c1.11.5.6R",
          "product_id": "CSAFPID-31001"
        },
        "product_reference": "CSAFPID-21001",
        "relates_to_product_reference": "CSAFPID-11001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "Endress+Hauser MCS200HW with firmware 1.11.5.6R",
          "product_id": "CSAFPID-32001",
          "product_identification_helper": {
            "cpe": "cpe:2.3:o:endress:mcs200hw_firmware:1.11.5.6r:*:*:*:*:*:*:*"
          }
        },
        "product_reference": "CSAFPID-22001",
        "relates_to_product_reference": "CSAFPID-11001"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32463",
      "cwe": {
        "id": "CWE-829",
        "name": "Inclusion of Functionality from Untrusted Control Sphere"
      },
      "notes": [
        {
          "audience": "all",
          "category": "description",
          "text": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-32001"
        ],
        "known_affected": [
          "CSAFPID-31001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVSS 4.0 Score",
          "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The display unit\u0027s firmware versions below 4.3.4 are affected. To address the vulnerability, customers are strongly recommended to update the display unit of their devices to firmware version 4.3.4.\n\nEndress+Hauser will include this firmware version in the MCS200HW products starting with version 1.11.5.6R.\n\nAlternatively, customers can contact Endress+Hauser directly to obtain the updated display firmware, or download the original firmware - including update instructions - from the Phoenix Contact website referenced below.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        },
        {
          "category": "mitigation",
          "details": "As a temporary mitigation measure, both system and network access to the affected functionality should be strictly restricted. Access should be limited to authorized personnel only, and exposure to external or untrusted networks should be minimized or fully blocked until an update of the display firmware has been completed.",
          "product_ids": [
            "CSAFPID-31001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-31001"
          ]
        }
      ],
      "title": "CVE-2025-32463"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.