Vulnerability Description
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Endress | Meac300-Fnade4 Firmware | <= 0.16.0 |
| Endress | Meac300-Fnade4 | - |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.endress.comProduct
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdfVendor Advisory
FAQ
What is CVE-2025-27448?
CVE-2025-27448 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website...
How severe is CVE-2025-27448?
CVE-2025-27448 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-27448?
Check the references section above for vendor advisories and patch information. Affected products include: Endress Meac300-Fnade4 Firmware, Endress Meac300-Fnade4.