Primary

Context

Endress+Hauser MEAC300-FNADE4 Multiple Vulnerabilities

Vulnerability

Several vulnerabilities have been identified in the Endress+Hauser MEAC300-FNADE4, all versions, that can be accessed via Ethernet. These vulnerabilities could allow a remote, unauthenticated attacker to compromise the availability, integrity, and confidentiality of the device. One specific issue involves the PHPSESSION cookie, which lacks the HttpOnly flag, allowing access by JavaScript. Additionally, the web application is vulnerable to cross-site scripting (XSS) attacks, SQL injection, and cross-site request forgery (CSRF).

Impact

Exploitation of these vulnerabilities could lead to unauthorized access and manipulation of data, interception of sensitive information, and unauthorized actions being performed on behalf of users.

Remediation

Customers are strongly advised to update to the newest version. General security practices should also be applied to minimize network exposure and restrict access to the device.

Added: Jul 3, 2025, 1:44 PM

Updated: Jul 3, 2025, 1:44 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.2

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.2

exploitability

7.4

remediation

0.0

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Endress+Hauser MEAC300-FNADE4 Multiple Vulnerabilities

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating