CVE-2025-27452

Medium CVSS: 5.3

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of the FNADE4 web application. The functionality of the some modules

pose a risk to the webserver which enable dircetory listing.

Vendor

Endress

Product

Meac300-fnade4 Firmware

CWE

CWE-548

Yayın Tarihi

2025-07-03 12:15:23

Güncelleme

2026-02-06 14:38:59

Source Identifier

psirt@sick.de

KEV Date Added

Kategoriler

CWE-548 Meac300-fnade4 Firmware MEDIUM Endress 2025

Referanslar

https://sick.com/psirt https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.endress.com https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf

Benzer Kayıtlar

Medium

CVE-2025-27459

The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, th…

High

CVE-2025-27460

The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an…

High

CVE-2025-27461

During startup, the device automatically logs in the EPC2 Windows user without requesting a password.

Medium

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such…

Medium

CVE-2025-27454

The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitti…

Medium

CVE-2025-27455

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an atta…