• 1
  • 2 (current)

Endress+Hauser: Multiple vulnerabilities in Endress+Hauser MEAC300-FNADE4

Several vulnerabilities in the Endress+Hauser MEAC300-FNADE4 were discovered, that can be accessed via Ethernet.


CVE-2025-1708: 8.6
CVE-2025-27461: 7.6
CVE-2025-27460: 7.6
CVE-2025-27449: 7.5
CVE-2025-1710: 7.5
CVE-2025-27456: 7.5
CVE-2025-27447: 7.4
CVE-2025-27448: 6.8
CVE-2025-27458: 6.5
CVE-2025-27450: 6.5
CVE-2025-1709: 6.5
CVE-2025-27457: 6.5
CVE-2025-27451: 5.3
CVE-2025-27453: 5.3
CVE-2025-27452: 5.3
CVE-2025-27459: 4.4
CVE-2025-1711: 4.3
CVE-2025-27454: 4.3
CVE-2025-27455: 4.3

Pilz: Authentication Bypass in IndustrialPI Webstatus

The Pilz industrial PC IndustrialPI webstatus application is vulnerable to an authentication bypass.


CVE-2025-41648: 9.8

Pilz: Missing Authentication in Node-RED integration

Authentication is not configured by default for the Node-RED server on the Pilz industrial PC IndustrialPI. An unauthenticated remote attacker has full access to the Node-RED server and can run arbitrary operating system commands on the underlying operating system with privileged rights.


CVE-2025-41656: 10
  • 1
  • 2 (current)

Feeds

By Vendor

Archive

2025
2024
2023
2022
2021
2020
2019
2018
2017

Legend

(Scoring for CVSS 2.0,3.0+3.1)
None
No CVE available
Low
0.1 <= 3.9
Medium
4.0 <= 6.9
High
7.0 <= 8.9
Critical
9.0 <= 10.0