Endress+Hauser MEAC300-FNADE4 Multiple Vulnerabilities
Vulnerability
A vulnerability has been identified in the Endress+Hauser MEAC300-FNADE4 device, all firmware versions, excluding version 0.16.0. The vulnerability arises because the hard drives are not encrypted with full volume encryption, such as BitLocker. This lack of encryption allows an attacker with physical access to the device to bypass the Windows login and access all files on the hard drives using an alternative operating system.
Impact
Exploitation of this vulnerability could lead to unauthorized access to all files on the hard drives, allowing for reading and writing of data. This bypasses Windows login authentication, posing a significant security risk.
Remediation
Customers are strongly advised to update to the latest version of the Endress+Hauser MEAC300-FNADE4. For general security practices, it is recommended to minimize network exposure of the device, restrict network access, and follow recommended security practices to maintain a protected IT environment.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.