Cross-Site Scripting Vulnerability in SICK Web Applications
CVE-2025-27448

6.8 MEDIUM

What is CVE-2025-27448?

The SICK web application is affected by a cross-site scripting vulnerability. When creating a new dashboard, a malicious user can inject JavaScript code into the dashboard name. The injected code executes in the browser of any user who loads the affected dashboard, potentially compromising sensitive data and user interactions. Securing web applications against such attacks is essential.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 0

Endress+Hauser MEAC300-FNADE4 >=0.17.0

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
