CVE-2025-27461

Summary

During startup, the device automatically logs in the EPC2 Windows user without requesting a password.

Affected Software

VendorProductVersion RangeStatus
Endress+HauserEndress+Hauser MEAC300-FNADE4vers:all/*affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

Workarounds

Please make sure that you apply general security practices when operating the MEAC300-FNADE4. The following General Security Practices could mitigate the associated security risk.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References