CVE-2025-27455

Medium CVSS: 4.3

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.

Vendor

Endress

Product

Meac300-fnade4 Firmware

CWE

CWE-1021

Yayın Tarihi

2025-07-03 12:15:23

Güncelleme

2026-02-06 14:39:12

Source Identifier

psirt@sick.de

KEV Date Added

Kategoriler

CWE-1021 Meac300-fnade4 Firmware MEDIUM Endress 2025

Referanslar

https://sick.com/psirt https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.endress.com https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf

Benzer Kayıtlar

Medium

CVE-2025-27459

The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, th…

High

CVE-2025-27460

The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an…

High

CVE-2025-27461

During startup, the device automatically logs in the EPC2 Windows user without requesting a password.

Medium

CVE-2025-27452

The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. The…

Medium

CVE-2025-27453

The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such…

Medium

CVE-2025-27454

The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitti…