CVE-2025-27454
MEDIUMmeac300-fnade4_firmware < 0.16.0 - Cross-Site Request Forgery
Title source: llmDescription
The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The request uses the victim's browser's saved authorization to execute the request.
References (6)
Core 6
Core References
Product x_endress+hauser
https://www.endress.com
Vendor Advisory x_sick psirt security advisories
https://sick.com/psirt
US Government Resource x_ics-cert recommended practices on industrial security
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
Not Applicable x_cvss v3.1 calculator
https://www.first.org/cvss/calculator/3.1
Vendor Advisory x_the canonical url.
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json
Vendor Advisory vendor-advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf
Scores
CVSS v3
4.3
EPSS
0.0018
EPSS Percentile
7.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-352
Status
published
Products (1)
endress/meac300-fnade4_firmware
< 0.16.0
Published
Jul 03, 2025
Tracked Since
Feb 18, 2026