6.5
CVE-2025-27453
- EPSS 0.35%
- Veröffentlicht 03.07.2025 11:29:48
- Zuletzt bearbeitet 29.01.2026 18:02:04
- Quelle psirt@sick.de
- CVE-Watchlists
- Unerledigt
LoginCVE-2025-27453
The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Endress ≫ Meac300-fnade4 Firmware Version <= 0.16.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.269 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| psirt@sick.de | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-1004 Sensitive Cookie Without 'HttpOnly' Flag
The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.endress.com
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf