Physical Access Vulnerability in Endress+Hauser Devices
CVE-2025-27460

7.6 HIGH

What is CVE-2025-27460?

Certain Endress+Hauser devices are susceptible to security risks because they lack full-volume encryption such as BitLocker. An attacker with physical access to the device can boot an alternative operating system and bypass the Windows login entirely. The attacker then has unrestricted access to all files stored on the hard drives and can both read and alter sensitive information.

Affected Version(s)

Endress+Hauser MEAC300-FNADE4 vers:all/*

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
