CVE-2025-27456

Summary

The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.

Affected Software

VendorProductVersion RangeStatus
Endress+HauserEndress+Hauser MEAC300-FNADE4vers:all/*affected

Weaknesses

  • CWE-307: CWE-307 Improper Restriction of Excessive Authentication Attempts

Workarounds

Please make sure that you apply general security practices when operating the MEAC300-FNADE4. The following General Security Practices could mitigate the associated security risk.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References