Vulnerability Details CVE-2025-27448
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.6%
CVSS Severity
CVSS v3 Score 6.8
References
- https://sick.com/psirt
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.endress.com
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf
Products affected by CVE-2025-27448
-
cpe:2.3:h:endress:meac300-fnade4:-
-
cpe:2.3:o:endress:meac300-fnade4_firmware:*