Vulnerability Description
The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.
CVSS Score
4.4
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Endress | Meac300-Fnade4 Firmware | All versions |
| Endress | Meac300-Fnade4 | - |
Related Weaknesses (CWE)
References
- https://sick.com/psirtVendor Advisory
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.endress.comProduct
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.jsonThird Party Advisory
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdfThird Party Advisory
FAQ
What is CVE-2025-27459?
CVE-2025-27459 is a vulnerability with a CVSS score of 4.4 (MEDIUM). The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.
How severe is CVE-2025-27459?
CVE-2025-27459 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-27459?
Check the references section above for vendor advisories and patch information. Affected products include: Endress Meac300-Fnade4 Firmware, Endress Meac300-Fnade4.