Endress+Hauser MEAC300-FNADE4 Missing Authorization Vulnerability

Vulnerability

A vulnerability has been identified in all firmware versions of the Endress+Hauser MEAC300-FNADE4: the device automatically logs in the EPC2 Windows user during startup without requiring a password. This is a missing authorization flaw that potentially allows unauthorized access to that user's session.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the EPC2 Windows user account, allowing an attacker to interact with the system under that user's privileges.

Remediation

Users are advised to update the Endress+Hauser MEAC300-FNADE4 to the latest version. General security practices should also be applied to minimize network exposure and ensure the device operates in a secure IT environment.

Added: Jul 3, 2025, 12:28 PM
Updated: Jul 3, 2025, 12:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.