CVE-2025-27459

EPSS 0.04%
Veröffentlicht 03.07.2025 11:33:53
Zuletzt bearbeitet 29.01.2026 19:28:23
Quelle psirt@sick.de
CVE-Watchlists
Login
Unerledigt
Login

The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Endress ≫ Meac300-fnade4 Firmware

Endress ≫ Meac300-fnade4 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.117

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@sick.de	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-257 Storing Passwords in a Recoverable Format

The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts.

https://sick.com/psirt

Vendor Advisory

https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

US Government Resource

https://www.first.org/cvss/calculator/3.1

Not Applicable

https://www.endress.com

Product

https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json

Third Party Advisory

https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf

Third Party Advisory