4 matches found
CVE-2025-0867
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This...
CVE-2025-0867
creationtimestamp| type| source ---|---|--- 2025-02-14 12:49:42+00:00| seen| https://infosec.exchange/users/cve/statuses/114002321891252776 2025-02-14 12:53:40+00:00| seen| https://infosec.exchange/users/cve/statuses/114002337449684066 2025-02-14 13:16:08+00:00| seen|...
CVE-2025-0867 Privilege Escalation in MEAC300
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This...
CVE-2025-0867
CVE-2025-0867 affects SICK MEAC300 (and variants such as MEAC300-FNADE4). Root cause: a standard user can start MEAC applications via the Run As function while administrator credentials are stored, enabling EPC2 to execute commands with administrative privileges and perform privilege escalation. ...