Vulnerability Description
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.
CVSS Score
6.5
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Endress | Meac300-Fnade4 Firmware | All versions |
| Endress | Meac300-Fnade4 | - |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.endress.comProduct
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdfVendor Advisory
FAQ
What is CVE-2025-27457?
CVE-2025-27457 is a vulnerability with a CVSS score of 6.5 (MEDIUM). All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.
How severe is CVE-2025-27457?
CVE-2025-27457 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-27457?
Check the references section above for vendor advisories and patch information. Affected products include: Endress Meac300-Fnade4 Firmware, Endress Meac300-Fnade4.