Brute-Force Vulnerability in Endress+Hauser SMB Server Authentication
CVE-2025-27456

7.5HIGH

Key Information:

Vendor

Endress+hauser

Status
Endress+hauser Meac300-fnade4
Vendor
CVE Published:
3 July 2025

What is CVE-2025-27456?

The SMB server developed by Endress+Hauser is vulnerable due to its inadequate implementation of security measures within the login mechanism. This flaw allows an attacker to exploit the system by conducting multiple rapid failed authentication attempts, potentially leading to unauthorized access. Organizations using this server must enhance their authentication strategies to mitigate the risk of brute-force attacks and protect sensitive data.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 vers:all/*

References

https://www.endress.com
x_Endress+Hauser
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-27456 : Brute-Force Vulnerability in Endress+Hauser SMB Server Authentication