CVE-2025-27459

Published: Jul 3, 2025Modified: Jan 29, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.

Affected (1)

Products: Endress: Meac300 Fnade4 Firmware

Endress

1 product

Meac300 Fnade4 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Endress Meac300 Fnade4 Firmware	All versions

Running on/with	Platform Versions
Endress Meac300 Fnade4	All versions

Related CWEs

CWE-257

Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

References (7)

https://sick.com/psirt

Source: psirt@sick.de

Vendor Advisory

https://sick.com/psirt

Source: psirt@sick.de

Vendor Advisory

https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

Source: psirt@sick.de

US Government Resource

https://www.endress.com

Source: psirt@sick.de

Product

https://www.first.org/cvss/calculator/3.1

Source: psirt@sick.de

Not Applicable

https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json

Source: psirt@sick.de

Third Party Advisory

https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf

Source: psirt@sick.de

Third Party Advisory

Timeline

No history available yet.