VNC Authentication Vulnerability in Endress+Hauser Products
CVE-2025-27458

6.5 MEDIUM

What is CVE-2025-27458?

The VNC authentication mechanism relies on a challenge-response system where both the server and client utilize the same password for encryption. In this process, the server sends an encrypted challenge to the client, which is then processed and returned as a response. Due to the unencrypted nature of all VNC communications, an attacker can intercept the challenge and response. This exposure allows the attacker to potentially derive the password, thereby compromising the authentication process and posing significant security risks.
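For defenders reviewing captured traffic, the check below flags sessions in which the VNC Authentication challenge and response crossed the network in the clear. It is an added example, not code from the advisory or the vendor; the message layout follows the RFB handshake in RFC 6143, and the function name and sample bytes are constructed for illustration.

```python
import re
import struct

VNC_AUTH = 2  # RFB security type "VNC Authentication" (RFC 6143, section 7.2.2)
_VERSION = re.compile(rb"RFB (\d{3})\.(\d{3})\n")

def _version(buf):
    """Parse the 12-byte ProtocolVersion message into (major, minor)."""
    m = _VERSION.fullmatch(buf[:12])
    if not m:
        raise ValueError("not an RFB ProtocolVersion message")
    return int(m.group(1)), int(m.group(2))

def inspect_rfb_handshake(server, client):
    """Classify the security handshake of one reassembled RFB session.

    server / client: raw bytes each side sent from the start of the TCP stream.
    (Hypothetical helper; reassembly from a capture is assumed done elsewhere.)
    """
    version = min(_version(server), _version(client))  # lower version wins
    s, c = 12, 12  # read offsets just past the two ProtocolVersion messages
    if version >= (3, 7):
        # Server: count byte + list of offered types; client: one chosen type.
        count = server[s]
        offered = list(server[s + 1:s + 1 + count])
        s += 1 + count
        selected = client[c] if count and len(client) > c else None
        c += 1
    else:
        # RFB 3.3: the server dictates a single type as a big-endian u32.
        (selected,) = struct.unpack_from(">I", server, s)
        offered = [selected]
        s += 4
    exposed = (selected == VNC_AUTH
               and len(server) >= s + 16   # 16-byte challenge seen on the wire
               and len(client) >= c + 16)  # 16-byte response seen on the wire
    return {"version": "%d.%d" % version, "offered": offered,
            "selected": selected, "challenge_response_exposed": exposed}

# Constructed sample session (not a real capture): RFB 3.8, only type 2 offered.
SERVER = b"RFB 003.008\n" + bytes([1, 2]) + bytes(16) + struct.pack(">I", 0)
CLIENT = b"RFB 003.008\n" + bytes([2]) + bytes(range(16))

if __name__ == "__main__":
    print(inspect_rfb_handshake(SERVER, CLIENT))
```

A session reported with `challenge_response_exposed` set is one where the VNC service should be moved behind an encrypted tunnel or restricted to a trusted network segment.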

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 vers:all/*

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
