ByteOS Network

Vulnerability Details :

CVE-2025-27448

Assigner Org ID-a6863dd2-93fc-443d-bef1-79f0b5020988

Published At-03 Jul, 2025 | 11:24

Updated At-03 Jul, 2025 | 13:16

CVE-2025-27448

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:SICK AG

Assigner Org ID:a6863dd2-93fc-443d-bef1-79f0b5020988

Published At:03 Jul, 2025 | 11:24

Updated At:03 Jul, 2025 | 13:16

▼CVE Numbering Authority (CNA)

CVE-2025-27448

Affected Products

Vendor

Endress+Hauser

Product

Endress+Hauser MEAC300-FNADE4

Default Status

unaffected

Versions

Affected

From 0 through <=0.16.0 (custom)

Vendor

Endress+Hauser

Product

Endress+Hauser MEAC300-FNADE4

Default Status

affected

Versions

Unaffected

>=0.17.0 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Metrics

Version	Base score	Base severity	Vector
3.1	6.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Version: 3.1

Base score: 6.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Solutions

Customers are strongly advised to update to the newest version.

References

Hyperlink	Resource
https://www.endress.com	x_Endress+Hauser
https://sick.com/psirt	x_SICK PSIRT Security Advisories
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices	x_ICS-CERT recommended practices on Industrial Security
https://www.first.org/cvss/calculator/3.1	x_CVSS v3.1 Calculator
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json	x_The canonical URL.
https://sick.com/psirt	vendor-advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf	vendor-advisory

Hyperlink: https://www.endress.com

Resource:

x_Endress+Hauser

Hyperlink: https://sick.com/psirt

Resource:

x_SICK PSIRT Security Advisories

Hyperlink: https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

Resource:

x_ICS-CERT recommended practices on Industrial Security

Hyperlink: https://www.first.org/cvss/calculator/3.1

Resource:

x_CVSS v3.1 Calculator

Hyperlink: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json

Resource:

x_The canonical URL.

Hyperlink: https://sick.com/psirt

Resource:

vendor-advisory

Hyperlink: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:psirt@sick.de

Published At:03 Jul, 2025 | 12:15

Updated At:03 Jul, 2025 | 15:13

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	psirt@sick.de

CWE ID: CWE-79

Type: Secondary

Source: psirt@sick.de

References

Hyperlink	Source	Resource
https://sick.com/psirt	psirt@sick.de	N/A
https://sick.com/psirt	psirt@sick.de	N/A
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices	psirt@sick.de	N/A
https://www.endress.com	psirt@sick.de	N/A
https://www.first.org/cvss/calculator/3.1	psirt@sick.de	N/A
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json	psirt@sick.de	N/A
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf	psirt@sick.de	N/A

Hyperlink: https://sick.com/psirt

Source: psirt@sick.de

Resource: N/A

Hyperlink: https://sick.com/psirt

Source: psirt@sick.de

Resource: N/A

Hyperlink: https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

Source: psirt@sick.de

Resource: N/A

Hyperlink: https://www.endress.com

Source: psirt@sick.de

Resource: N/A

Hyperlink: https://www.first.org/cvss/calculator/3.1

Source: psirt@sick.de

Resource: N/A

Hyperlink: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json

Source: psirt@sick.de

Resource: N/A

Hyperlink: https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf

Source: psirt@sick.de

Resource: N/A

Similar CVEs

1Records found

CVE-2025-27447

Matching Score-6

Assigner-SICK AG

View Details

Matching Score-6

Assigner-SICK AG

CVSS Score-7.4||HIGH

EPSS-0.04% / 12.60%

7 Day CHG~0.00%

Published-03 Jul, 2025 | 11:23

Updated-03 Jul, 2025 | 15:13

CVE-2025-27447

The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victimâ€™s browser when an authenticated administrator clicks the link.

Vendor-Endress+Hauser

Product-Endress+Hauser MEAC300-FNADE4

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2025-27448

Credits

CVE-2025-27448

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs