Endress+Hauser MEAC300-FNADE4 SQL Injection Vulnerability Allowing Database Dump

Vulnerability

A SQL injection vulnerability has been identified in the Endress+Hauser MEAC300-FNADE4 application, all firmware versions. This vulnerability allows an attacker to dump the PostgreSQL database and read its contents. The issue arises from improper neutralization of special elements used in SQL commands, enabling the injection of malicious SQL that can be executed by the database.

Impact

Exploitation of this vulnerability allows for unauthorized access to the PostgreSQL database, where an attacker can read and potentially manipulate its contents.

Remediation

Users are strongly advised to update to the latest version of the Endress+Hauser MEAC300-FNADE4. For those currently on firmware version 0.16.0 or prior, this update will address the SQL injection vulnerability. Instructions for updating can be found on the Endress+Hauser website or by contacting their customer support.

Added: Jul 3, 2025, 1:49 PM
Updated: Jul 3, 2025, 1:49 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.