{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27455", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2025-02-26T08:39:58.980Z", "datePublished": "2025-07-03T11:30:49.265Z", "dateUpdated": "2025-07-03T13:15:59.115Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Endress+Hauser MEAC300-FNADE4", "vendor": "Endress+Hauser", "versions": [{"lessThanOrEqual": "<=0.16.0", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Endress+Hauser MEAC300-FNADE4", "vendor": "Endress+Hauser", "versions": [{"status": "unaffected", "version": ">=0.17.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.</p>"}], "value": "The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "environmentalScore": 4.3, "environmentalSeverity": "MEDIUM", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 4.3, "temporalSeverity": "MEDIUM", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-07-03T11:30:49.265Z"}, "references": [{"tags": ["x_Endress+Hauser"], "url": "https://www.endress.com"}, {"tags": ["x_SICK PSIRT Security Advisories"], "url": "https://sick.com/psirt"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["x_The canonical URL."], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json"}, {"tags": ["vendor-advisory"], "url": "https://sick.com/psirt"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Customers are strongly advised to update to the newest version.</p>"}], "value": "Customers are strongly advised to update to the newest version."}], "source": {"advisory": "SCA-2025-0008", "discovery": "INTERNAL"}, "title": "CVE-2025-27455", "x_generator": {"engine": "csaf2cve 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-03T12:59:47.844638Z", "id": "CVE-2025-27455", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-03T13:15:59.115Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27455", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-03T12:59:47.844638Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-03T13:04:17.287Z"}}], "cna": {"title": "CVE-2025-27455", "source": {"advisory": "SCA-2025-0008", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "temporalScore": 4.3, "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 4.3, "privilegesRequired": "NONE", "confidentialityImpact": "NONE", "environmentalSeverity": "MEDIUM"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Endress+Hauser", "product": "Endress+Hauser MEAC300-FNADE4", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "<=0.16.0"}], "defaultStatus": "unaffected"}, {"vendor": "Endress+Hauser", "product": "Endress+Hauser MEAC300-FNADE4", "versions": [{"status": "unaffected", "version": ">=0.17.0", "versionType": "custom"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "Customers are strongly advised to update to the newest version.", "supportingMedia": [{"type": "text/html", "value": "<p>Customers are strongly advised to update to the newest version.</p>", "base64": false}]}], "references": [{"url": "https://www.endress.com", "tags": ["x_Endress+Hauser"]}, {"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json", "tags": ["x_The canonical URL."]}, {"url": "https://sick.com/psirt", "tags": ["vendor-advisory"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "csaf2cve 0.2.0"}, "descriptions": [{"lang": "en", "value": "The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.", "supportingMedia": [{"type": "text/html", "value": "<p>The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-07-03T11:30:49.265Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27455", "state": "PUBLISHED", "dateUpdated": "2025-07-03T13:15:59.115Z", "dateReserved": "2025-02-26T08:39:58.980Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2025-07-03T11:30:49.265Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects."}], "id": "CVE-2025-27455", "lastModified": "2025-07-03T15:13:53.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2025-07-03T12:15:23.520", "references": [{"source": "psirt@sick.de", "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "url": "https://www.endress.com"}, {"source": "psirt@sick.de", "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.json"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0008.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}