CVE-2025-0867 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-0867 PUBLISHED CVSS 9.899999618530273 CRITICAL

The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.

EPSS 0.38% · 59.5th percentile

Risk Scores

CVSS v3.1

9.899999618530273

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.38%

59.5th percentile

Affected Products

Vendor	Product	Versions
SICK AG	SICK MEAC300	0

Timeline

Jan 30, 2025 CVE ID Reserved
Feb 14, 2025 CVE Published
Feb 14, 2025 PoC Published
Feb 14, 2025 PoC Published
Feb 14, 2025 PoC Published
Feb 14, 2025 PoC Published
Feb 14, 2025 PoC Published
Feb 15, 2025 EPSS Score
Feb 15, 2025 PoC Published
Feb 15, 2025 PoC Published
Feb 20, 2025 PoC Published
Feb 20, 2025 PoC Published

References

Open in Interactive Console →