Endress+Hauser MEAC300-FNADE4 Multiple Vulnerabilities
Vulnerability
Several vulnerabilities have been identified in the Endress+Hauser MEAC300-FNADE4, all versions, and they are reachable via Ethernet. These vulnerabilities could allow a remote, unauthenticated attacker to compromise the availability, integrity, and confidentiality of the device. One specific vulnerability involves the VNC application used in the MEAC300-FNADE4, which stores passwords encrypted with the now-broken DES algorithm. This flaw allows the original passwords to be recovered.
Impact
Exploitation of these vulnerabilities could lead to a range of issues, including SQL injection and cross-site scripting attacks, abuse of improper authentication measures, and the interception of unencrypted VNC traffic, all of which could compromise the device's security and functionality.
Remediation
Customers are strongly advised to update to the newest version of the MEAC300-FNADE4. General security practices should also be applied to minimize network exposure and ensure the device operates in a secure IT environment.
