Home

Description

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy (BLE) interface. Consequently, an attacker within wireless range can gain unauthorized administrative access to the device configuration.

PUBLISHED Reserved 2025-05-20 | Published 2026-06-22 | Updated 2026-06-22 | Assigner SCHUTZWERK




HIGH: 8.7CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-305 Authentication bypass by primary weakness

Product status

Default status
unaffected

4.82 (custom) before 4.97
affected

Timeline

2025-03-28:Vulnerability discovered
2025-04-14:Initial contact with vendor
2025-04-16:Vulnerability reported to technical support of vendor
2025-05-08:Follow-up meeting was canceled by vendor
2025-05-16:Initial contact with CTO of vendor
2025-05-28:Vulnerability presented to CTO of vendor
2025-06-16:Vendor informed SCHUTZWERK that the patch was currently tested
2025-07-03:Follow-up meeting was canceled by vendor
2025-07-31:Follow-up meeting was requested by SCHUTZWERK
2025-08-21:Vendor informed SCHUTZWERK that the patch was postponed
2025-08-28:Vendor informed SCHUTZWERK that the patch was currently tested
2025-12-19:Vendor informed SCHUTZWERK that the patch was released
2025-12-19:Disclosure delayed for 180 days to allow patching the affected devices during scheduled maintenance windows
2026-06-19:Advisory released by SCHUTZWERK

Credits

The vulnerability was discovered by Jan Hüber of SCHUTZWERK GmbH. finder

References

www.schutzwerk.com/en/blog/schutzwerk-sa-2025-001/

cve.org (CVE-2025-4994)

nvd.nist.gov (CVE-2025-4994)

Download JSON