VNC Authentication Vulnerability in Endress+Hauser Products
CVE-2025-27458

6.5MEDIUM

Key Information:

Vendor

Endress+hauser

Status
Endress+hauser Meac300-fnade4
Vendor
CVE Published:
3 July 2025

What is CVE-2025-27458?

The VNC authentication mechanism relies on a challenge-response system where both the server and client utilize the same password for encryption. In this process, the server sends an encrypted challenge to the client, which is then processed and returned as a response. Due to the unencrypted nature of all VNC communications, an attacker can intercept the challenge and response. This exposure allows the attacker to potentially derive the password, thereby compromising the authentication process and posing significant security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 vers:all/*

References

https://www.endress.com
x_Endress+Hauser
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.