Vulnerability Details CVE-2025-27457
All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.2%
CVSS Severity
CVSS v3 Score 6.5
References
- https://sick.com/psirt
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.endress.com
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf
Products affected by CVE-2025-27457
-
cpe:2.3:h:endress:meac300-fnade4:-
-
cpe:2.3:o:endress:meac300-fnade4_firmware:*