Unencrypted Communication Vulnerability in VNC Server and Client by Endress+Hauser
CVE-2025-27457

6.5 MEDIUM

What is CVE-2025-27457?

A security vulnerability exists in the Endress+Hauser VNC Server and Client software, where all communication exchanged between the server and client(s) is transmitted without encryption. This deficiency allows malicious actors to intercept network traffic and potentially acquire sensitive information, posing significant risks to data integrity and confidentiality. It is imperative for users to evaluate their system configurations and implement appropriate security measures to safeguard against unauthorized access.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 vers:all/*

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
