Endress Security Vulnerabilities (CVEs)

Track 19 security vulnerabilities affecting Endress products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

2 Critical
7 High
10 Medium
CVE-2025-27460 7.6

This vulnerability allows attackers with physical access to bypass Windows login security by booting from an alternative operating system, enabling fu...

Jul 3, 2025
CVE-2025-27461 7.6

This vulnerability allows automatic login to the EPC2 Windows user account without password authentication during device startup. It affects industria...

Jul 3, 2025
CVE-2025-27452 5.3

This vulnerability affects Apache httpd webservers running the MEAC300-FNADE4 web application with unnecessary modules enabled. It allows directory li...

Jul 3, 2025
CVE-2025-27454 4.3

This CSRF vulnerability allows attackers to trick authenticated users into performing unintended actions on their behalf. Attackers can craft maliciou...

Jul 3, 2025
CVE-2025-27455 4.3

This clickjacking vulnerability allows attackers to embed the web application in malicious frames, tricking users into clicking hidden elements. This ...

Jul 3, 2025
CVE-2025-27456 7.5

This vulnerability allows attackers to perform brute-force attacks against SMB server login mechanisms due to insufficient rate limiting. It affects s...

Jul 3, 2025
CVE-2025-27457 6.5

CVE-2025-27457 is a cleartext transmission vulnerability in VNC communications that allows attackers to intercept unencrypted traffic between VNC serv...

Jul 3, 2025
CVE-2025-27458 6.5

This vulnerability in VNC authentication allows attackers to capture challenge-response pairs from unencrypted network traffic and attempt to derive t...

Jul 3, 2025
CVE-2025-27453 5.3

This vulnerability allows client-side scripts (like JavaScript) to access the PHPSESSION cookie because the HttpOnly flag is disabled. This affects we...

Jul 3, 2025
CVE-2025-1710 7.5

CVE-2025-1710 is an authentication brute-force vulnerability in maxView Storage Manager that allows attackers to guess credentials through repeated lo...

Jul 3, 2025
CVE-2025-27447 7.4

This cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into the web application via specially crafted URLs. Whe...

Jul 3, 2025
CVE-2025-27448 6.8

This cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into dashboard names in a web application. When users vi...

Jul 3, 2025
CVE-2025-27449 7.5

The MEAC300-FNADE4 device lacks rate limiting for authentication attempts, allowing attackers to systematically guess passwords via brute-force attack...

Jul 3, 2025
CVE-2025-27450 6.5

This vulnerability in the MEAC300-FNADE4 device allows session hijacking because cookies lack the Secure attribute. Attackers can intercept PHPSESSID ...

Jul 3, 2025
CVE-2025-27451 5.3

This vulnerability allows attackers to enumerate valid usernames by observing different error messages for incorrect passwords versus non-existent use...

Jul 3, 2025
CVE-2025-1709 6.5

This vulnerability exposes PostgreSQL database credentials stored in plain text (partially base64 encoded) in SICK industrial control systems. Attacke...

Jul 3, 2025
CVE-2025-1708 8.6

This SQL injection vulnerability in PostgreSQL allows attackers to execute arbitrary SQL commands and dump database contents. It affects applications ...

Jul 3, 2025
CVE-2024-6596 9.8

CVE-2024-6596 is a critical remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary C# code via malicious curve...

Sep 10, 2024
CVE-2020-12495 9.1

This vulnerability allows privilege escalation in Endress+Hauser Ecograph T devices. When users with lower privileges log in, they may inherit higher ...

Nov 19, 2020

Why Monitor Endress Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 19+ known vulnerabilities affecting Endress products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Endress packages in under 60 seconds. No agents required - completely agentless scanning that works across Endress deployments.

Free vulnerability database: Access detailed information about every Endress CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
