Cross-Site Scripting Vulnerability in Endress+Hauser Products
CVE-2025-27447

7.4HIGH

Key Information:

Vendor

Endress+hauser

Status
Endress+hauser Meac300-fnade4
Vendor
CVE Published:
3 July 2025

What is CVE-2025-27447?

A cross-site scripting vulnerability exists in the web application developed by Endress+Hauser. This vulnerability allows an attacker to craft a malicious URL that, when clicked by an authenticated administrator, executes JavaScript code within the victim's browser. This type of attack can compromise user sessions, steal sensitive information, or facilitate further exploitation of the web application. It is crucial for users to implement security measures to prevent such attacks, including input validation and user awareness training.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 0

Endress+Hauser MEAC300-FNADE4 >=0.17.0

References

https://www.endress.com
x_Endress+Hauser
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-27447 : Cross-Site Scripting Vulnerability in Endress+Hauser Products