- Description
- The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.
- Source
- psirt@sick.de
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@sick.de
- CWE-522
- Hype score
- Not currently trending
π¨ CVE-2025-0867 β οΈπ΄ CRITICAL (9.9) π’ SICK AG - SICK MEAC300-FNADE4 ποΈ all versions π https://t.co/PKW22JmenK π https://t.co/VTKsZbYH9T π https://t.co/fkinZs823B π https://t.co/IVFmRVXPTp π https://t.co/fXEITmPhXw π https://t.co/LQIwErJNmZ #CyberCron #VulnAlert https://t
@cybercronai
15 Feb 2025
122 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
CVE-2025-0867 The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credenti⦠https://t.co/NeZ8AT5Tls
@CVEnew
14 Feb 2025
203 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-0867: CRITICAL] Avoid storing administrator credentials for automatic system startup to prevent unauthorized privilege escalation in MEAC applications using the run as function. #CyberSecurity#cybersecurity,#vulnerability https://t.co/VXvSxEPugG https://t.co/7mhM0YLVci
@CveFindCom
14 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes