VNC Application Vulnerability: Password Encryption Weakness
CVE-2025-27459

4.4MEDIUM

Key Information:

Vendor

Endress+hauser

Status
Endress+hauser Meac300-fnade4
Vendor
CVE Published:
3 July 2025

What is CVE-2025-27459?

The VNC application encrypts user passwords using the DES encryption algorithm, which is known to be insecure due to its vulnerability to attacks that can easily recover original plaintext passwords. This encryption weakness poses significant risks to user data, making it essential for users of the VNC application to be aware of potential exposures and take necessary actions to mitigate them. Organizations are encouraged to review their security practices, implement stronger encryption methods, and stay updated with the latest security advisories from Endress+Hauser.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 vers:all/*

References

https://www.endress.com
x_Endress+Hauser
https://sick.com/psirt
x_SICK PSIRT Security Advisories
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-27459 : VNC Application Vulnerability: Password Encryption Weakness