CVE-2025-27460
BaseFortify
Publication date: 2025-07-03
Last updated on: 2026-02-06
Assigner: SICK AG
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| endress | meac300-fnade4_firmware | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-326 | The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. |
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs because the device's hard drives are not encrypted with full volume encryption like BitLocker. An attacker with physical access can bypass the Windows login by using an alternative operating system to access the hard drives directly, allowing them to read and write all files on the device.
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker with physical access to fully access, modify, or delete all data on the device's hard drives, bypassing any Windows login protections. This can lead to data theft, data loss, or unauthorized data manipulation.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, enable full volume encryption on the device's hard drives using a feature such as BitLocker. This will prevent attackers with physical access from bypassing the Windows login by using an alternative operating system to access the hard drives.
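One way to verify the mitigation above on the device. This is an added example, not part of the advisory or any vendor tooling. It assumes an elevated PowerShell session on the Windows system and that the BitLocker PowerShell module (`Get-BitLockerVolume`) is installed.

```powershell
#Requires -RunAsAdministrator
# Added example: report every volume that an offline (alternative OS) reader
# could still access, i.e. any volume not fully covered by BitLocker.
# Assumption: the BitLocker module is available on this Windows installation.

$findings = foreach ($vol in Get-BitLockerVolume) {
    $reasons = @()

    # Data at rest is only covered once the whole volume has been encrypted.
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $reasons += "volume status is $($vol.VolumeStatus)"
    }

    # 'Off' includes suspended protection, where a clear key sits on the disk
    # and the encryption gives no protection against offline access.
    if ($vol.ProtectionStatus -ne 'On') {
        $reasons += "protection status is $($vol.ProtectionStatus)"
    }

    # An encrypted volume without key protectors is not actually locked.
    if (-not $vol.KeyProtector) {
        $reasons += 'no key protector configured'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        VolumeType = $vol.VolumeType
        Method     = $vol.EncryptionMethod
        Protectors = ($vol.KeyProtector.KeyProtectorType -join ', ')
        Compliant  = ($reasons.Count -eq 0)
        Reasons    = ($reasons -join '; ')
    }
}

$findings | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a scheduled task or monitoring agent flag the host.
if ($findings | Where-Object { -not $_.Compliant }) { exit 1 }
```

The check covers data volumes as well as the operating system volume, since the description refers to all of the device's hard drives.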