Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27459 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-01-29 | N/A | 4.4 MEDIUM |
| The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered. | |||||
| CVE-2025-1711 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-01-29 | N/A | 4.3 MEDIUM |
| Multiple services of the DUT as well as different scopes of the same service reuse the same credentials. | |||||
| CVE-2025-27453 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-01-29 | N/A | 5.3 MEDIUM |
| The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript. | |||||
| CVE-2025-1708 | 1 Endress | 2 Meac300-fnade4, Meac300-fnade4 Firmware | 2026-01-29 | N/A | 8.6 HIGH |
| The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content. | |||||