VNC Authentication Vulnerability in Endress+Hauser Products
CVE-2025-27458
6.5 MEDIUM
Key Information:
- Vendor: Endress+Hauser
- CVE Published: 3 July 2025
What is CVE-2025-27458?
The VNC authentication mechanism relies on a challenge-response system where both the server and client utilize the same password for encryption. In this process, the server sends an encrypted challenge to the client, which is then processed and returned as a response. Due to the unencrypted nature of all VNC communications, an attacker can intercept the challenge and response. This exposure allows the attacker to potentially derive the password, thereby compromising the authentication process and posing significant security risks.
Affected Version(s)
Endress+Hauser MEAC300-FNADE4 vers:all/*