SQL Injection Vulnerability in PostgreSQL Databases by SICK
CVE-2025-1708

8.6HIGH

Key Information:

Vendor

Endress+hauser

Status
Endress+hauser Meac300-fnade4
Vendor
CVE Published:
3 July 2025

What is CVE-2025-1708?

The application is susceptible to SQL injection attacks, allowing attackers to manipulate SQL queries and potentially dump the PostgreSQL database contents. This can lead to unauthorized access to sensitive data stored within the database, posing a significant risk to users. It is crucial for organizations using affected SICK products to implement robust security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 0

Endress+Hauser MEAC300-FNADE4 >=0.17.0

References

https://www.endress.com
x_Endress+Hauser
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-1708 : SQL Injection Vulnerability in PostgreSQL Databases by SICK