CVE-2025-27450

6.5 MEDIUM

📋 TL;DR

This vulnerability in the MEAC300-FNADE4 device allows session hijacking because cookies lack the Secure attribute. Attackers can intercept PHPSESSID cookies via unencrypted HTTP connections, potentially gaining unauthorized access. Industrial control systems using this SICK device are affected.

💻 Affected Systems

Products:
  • SICK MEAC300-FNADE4
Versions: Specific versions unknown from CVE description; likely multiple versions before patch
Operating Systems: Embedded/industrial OS specific to the device
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default cookie configuration; requires HTTP access to exploit

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full session takeover leading to unauthorized control of industrial processes, data manipulation, or operational disruption in critical infrastructure.

🟠 Likely Case: Session hijacking allowing unauthorized access to device configuration interfaces, potentially leading to data exposure or limited system manipulation.

🟢 If Mitigated: Minimal impact if HTTPS-only connections are enforced and network segmentation isolates the device from untrusted networks.

🌐 Internet-Facing: HIGH - Direct internet exposure enables easy cookie interception via HTTP downgrade attacks.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this via ARP spoofing or network interception.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires tricking users into connecting over HTTP or intercepting network traffic; no authentication is needed for cookie interception.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown specific version; check SICK PSIRT for details

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

1. Check SICK PSIRT for specific patch version.
2. Apply firmware update from SICK.
3. Restart device.
4. Verify Secure attribute is set on all cookies.

🔧 Temporary Workarounds

Enforce HTTPS Only

all

Configure web server to redirect all HTTP traffic to HTTPS and disable HTTP access

Device-specific configuration via web interface

Network Segmentation

all

Isolate device in separate VLAN with strict access controls

Switch/router configuration commands vary by vendor

🧯 If You Can't Patch

  • Deploy network-level SSL/TLS termination proxy that adds Secure flag to cookies
  • Implement strict network access controls and monitor for HTTP connection attempts

🔍 How to Verify

Check if Vulnerable:

Inspect browser developer tools or use curl: check if PHPSESSID cookie lacks 'Secure' attribute when accessing device

Check Version:

Check device web interface for firmware version or use SICK configuration tools

Verify Fix Applied:

Verify cookies now include 'Secure' attribute and HTTP redirects to HTTPS
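Both checks above can be run offline against response headers saved with `curl -si`. The script below is an added example, not vendor or SICK tooling; the sample responses are constructed, and the `lang` cookie and `device.example` host are hypothetical.

```python
"""Added example: offline audit of response headers saved with `curl -si`."""

# Constructed sample responses (not captured from a real device).
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: PHPSESSID=constructed0001; path=/
Set-Cookie: lang=Secure; path=/
"""
AFTER_HTTP = """HTTP/1.1 301 Moved Permanently
Location: https://device.example/
"""
AFTER_HTTPS = """HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=constructed0002; path=/; Secure; HttpOnly
"""

def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Only tokens after the first ';' are attributes; a cookie *value*
    # of "Secure" must not count as the flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(raw):
    """Report cookies missing Secure and whether the reply redirects to HTTPS."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header block
            break
        key, _, val = line.partition(":")
        headers.append((key.strip().lower(), val.strip()))
    missing = [parse_set_cookie(v)[0] for k, v in headers
               if k == "set-cookie" and "secure" not in parse_set_cookie(v)[1]]
    location = next((v for k, v in headers if k == "location"), "")
    redirect = (status in (301, 302, 303, 307, 308)
                and location.lower().startswith("https://"))
    return {"cookies_missing_secure": missing, "redirects_to_https": redirect}

if __name__ == "__main__":
    for label, raw in [("before", BEFORE), ("after, port 80", AFTER_HTTP),
                       ("after, port 443", AFTER_HTTPS)]:
        print(label, audit_response(raw))
```

A fixed device should return an empty `cookies_missing_secure` list on every response and `redirects_to_https: True` for requests to port 80.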

📡 Detection & Monitoring

Log Indicators:

  • HTTP connection attempts to device IP
  • Multiple session creations from different IPs
  • Failed authentication attempts after session establishment

Network Indicators:

  • Unencrypted HTTP traffic to device on port 80
  • Cookie headers without Secure flag in packet captures

SIEM Query:

source_ip="device_ip" AND (protocol="HTTP" OR port=80) AND (cookie="PHPSESSID" AND NOT cookie="Secure")
