{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27447", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2025-02-26T08:39:58.979Z", "datePublished": "2025-07-03T11:23:20.043Z", "dateUpdated": "2025-07-03T13:16:41.793Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Endress+Hauser MEAC300-FNADE4", "vendor": "Endress+Hauser", "versions": [{"lessThanOrEqual": "<=0.16.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Endress+Hauser MEAC300-FNADE4", "vendor": "Endress+Hauser", "versions": [{"status": "unaffected", "version": ">=0.17.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim\u00e2\u20ac\u2122s browser when an authenticated administrator clicks the link.</p>"}], "value": "The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim\u00e2\u20ac\u2122s browser when an authenticated administrator clicks the link."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "environmentalScore": 7.4, "environmentalSeverity": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "temporalScore": 7.4, "temporalSeverity": "HIGH", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-07-03T11:23:20.043Z"}, "references": [{"tags": ["x_Endress+Hauser"], "url": "https://www.endress.com"}, {"tags": ["x_SICK PSIRT Security Advisories"], "url": "https://sick.com/psirt"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["x_The canonical URL."], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json"}, {"tags": ["vendor-advisory"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Customers are strongly advised to update to the newest version.</p>"}], "value": "Customers are strongly advised to update to the newest version."}], "source": {"advisory": "SCA-2025-0008", "discovery": "INTERNAL"}, "title": "CVE-2025-27447", "x_generator": {"engine": "csaf2cve 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-03T12:59:52.008840Z", "id": "CVE-2025-27447", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-03T13:16:41.793Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27447", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-03T12:59:52.008840Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-03T13:04:21.627Z"}}], "cna": {"title": "CVE-2025-27447", "source": {"advisory": "SCA-2025-0008", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "temporalScore": 7.4, "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "temporalSeverity": "HIGH", "availabilityImpact": "NONE", "environmentalScore": 7.4, "privilegesRequired": "NONE", "confidentialityImpact": "HIGH", "environmentalSeverity": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Endress+Hauser", "product": "Endress+Hauser MEAC300-FNADE4", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "<=0.16.0"}], "defaultStatus": "unaffected"}, {"vendor": "Endress+Hauser", "product": "Endress+Hauser MEAC300-FNADE4", "versions": [{"status": "unaffected", "version": ">=0.17.0", "versionType": "custom"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Customers are strongly advised to update to the newest version.", "supportingMedia": [{"type": "text/html", "value": "<p>Customers are strongly advised to update to the newest version.</p>", "base64": false}]}], "references": [{"url": "https://www.endress.com", "tags": ["x_Endress+Hauser"]}, {"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json", "tags": ["x_The canonical URL."]}, {"url": "https://sick.com/psirt", "tags": ["vendor-advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "csaf2cve 0.2.0"}, "descriptions": [{"lang": "en", "value": "The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim\u00e2\u20ac\u2122s browser when an authenticated administrator clicks the link.", "supportingMedia": [{"type": "text/html", "value": "<p>The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim\u00e2\u20ac\u2122s browser when an authenticated administrator clicks the link.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-07-03T11:23:20.043Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27447", "state": "PUBLISHED", "dateUpdated": "2025-07-03T13:16:41.793Z", "dateReserved": "2025-02-26T08:39:58.979Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2025-07-03T11:23:20.043Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:endress:meac300-fnade4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D360849D-4E70-4490-918C-9355B021CFD1", "versionEndIncluding": "0.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:endress:meac300-fnade4:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDCFDEA0-D85E-464F-98FD-42775C42812F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim\u00e2\u20ac\u2122s browser when an authenticated administrator clicks the link."}, {"lang": "es", "value": "La aplicaci\u00f3n web es susceptible a ataques de cross-site-scripting. Un atacante puede crear una URL preparada que inyecta c\u00f3digo JavaScript en el sitio web. El c\u00f3digo se ejecuta en el navegador de la v\u00edctima cuando un administrador autenticado hace clic en el enlace."}], "id": "CVE-2025-27447", "lastModified": "2026-02-06T14:38:12.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "psirt@sick.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-07-03T12:15:22.407", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "tags": ["Product"], "url": "https://www.endress.com"}, {"source": "psirt@sick.de", "tags": ["Not Applicable"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}

{}