Vulnerability Description
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Endress | Meac300-Fnade4 Firmware | <= 0.16.0 |
| Endress | Meac300-Fnade4 | - |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.endress.comProduct
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdfVendor Advisory
FAQ
What is CVE-2025-27455?
CVE-2025-27455 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user per...
How severe is CVE-2025-27455?
CVE-2025-27455 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-27455?
Check the references section above for vendor advisories and patch information. Affected products include: Endress Meac300-Fnade4 Firmware, Endress Meac300-Fnade4.