PostgreSQL Plain Text Credential Exposure in Sick Products
CVE-2025-1709

6.5MEDIUM

Key Information:

Vendor

Endress+hauser

Status
Endress+hauser Meac300-fnade4
Vendor
CVE Published:
3 July 2025

What is CVE-2025-1709?

A vulnerability exists in several Sick products where credentials for the local PostgreSQL database are stored in plain text, with some being partially base64 encoded. This poses a significant risk as unauthorized users may gain access to sensitive database information, leading to potential data breaches and unauthorized operations. It is essential to implement secure practices to protect database credentials and enhance overall security measures.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 0

Endress+Hauser MEAC300-FNADE4 >=0.17.0

References

https://www.endress.com
x_Endress+Hauser
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-1709 : PostgreSQL Plain Text Credential Exposure in Sick Products