Endress+Hauser MEAC300-FNADE4 Improper Restriction of Excessive Authentication Attempts Vulnerability
Vulnerability
A vulnerability exists in all firmware versions of the Endress+Hauser MEAC300-FNADE4: the application fails to adequately prevent multiple failed authentication attempts within a short period. This weakness makes the device susceptible to brute-force attacks, allowing an attacker to potentially gain unauthorized access by systematically guessing authentication credentials.
Impact
Exploitation of this vulnerability could lead to unauthorized access by bypassing authentication mechanisms, as the flaw allows for repeated login attempts without sufficient delay or restriction.
Remediation
Users are strongly advised to update the Endress+Hauser MEAC300-FNADE4 to the latest version. For those currently using version 0.16.0 or prior, this update will address the vulnerability. Instructions for updating the device can be found on the Endress+Hauser website or by contacting their customer support.
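Because the device itself does not slow down or block repeated failed logins, a burst of failures has to be spotted wherever authentication events are recorded. The following is an added example, not code from Endress+Hauser or from the original advisory: a sliding-window detector that flags a source reaching a failure threshold and then flags a later successful login from that source. The log format, addresses, account names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, not real device output. Assumed format:
# ISO-8601 timestamp, source address, account, result (FAIL or OK).
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 admin FAIL
2024-05-01T10:00:02 192.0.2.10 admin FAIL
2024-05-01T10:00:04 192.0.2.10 admin FAIL
2024-05-01T10:00:05 192.0.2.20 operator FAIL
2024-05-01T10:00:06 192.0.2.10 admin FAIL
2024-05-01T10:00:08 192.0.2.10 admin FAIL
garbled line
2024-05-01T10:00:09 192.0.2.10 admin OK
2024-05-01T10:05:00 192.0.2.20 operator FAIL
2024-05-01T10:05:30 192.0.2.20 operator OK
"""

def detect(lines, max_failures=5, window=timedelta(seconds=60)):
    """Return alerts as tuples: ("burst", source, count) when a source reaches
    max_failures failures inside the window, and ("success_after_burst",
    source, account) when a flagged source later logs in successfully."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = set()               # sources with a burst alert and no login yet
    alerts = []
    for line in lines:
        try:
            ts_text, source, account, result = line.split()
            ts = datetime.fromisoformat(ts_text)
        except ValueError:
            continue              # skip blank or malformed lines
        if result == "OK" and source in flagged:
            alerts.append(("success_after_burst", source, account))
            flagged.discard(source)
        if result != "FAIL":
            continue
        failures = recent[source]
        failures.append(ts)
        while ts - failures[0] > window:
            failures.popleft()    # drop failures older than the window
        if len(failures) >= max_failures:
            alerts.append(("burst", source, len(failures)))
            flagged.add(source)
            failures.clear()      # one alert per burst, not one per extra failure
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_LOG.splitlines()))
```

A `success_after_burst` alert is the one to triage first, since it marks a login that followed a run of failed guesses from the same source.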
