Cookie Security Flaw in Endress+Hauser MEAC300-FNADE4
CVE-2025-27450

6.5MEDIUM

Key Information:

Vendor

Endress+hauser

Status
Endress+hauser Meac300-fnade4
Vendor
CVE Published:
3 July 2025

What is CVE-2025-27450?

The MEAC300-FNADE4 product from Endress+Hauser has been found to have a security issue where the Secure attribute is missing on several cookies. This vulnerability allows an attacker to exploit unencrypted HTTP communications, potentially leading to interception of sensitive data such as the PHPSESSID cookie. This exposure not only compromises user data integrity but raises significant concerns about the overall security posture of systems relying on this product. Organizations are advised to review and secure their HTTP connections to mitigate potential risks.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 0

Endress+Hauser MEAC300-FNADE4 >=0.17.0

References

https://www.endress.com
x_Endress+Hauser
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-27450 : Cookie Security Flaw in Endress+Hauser MEAC300-FNADE4