CVE-2025-0867— Privilege Escalation in MEAC300
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-0867
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege Escalation in MEAC300
Source: NVD (National Vulnerability Database)
Vulnerability Description
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This allows a privilege escalation to the administrative level.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的凭证保护机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
SICK MEAC300 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SICK MEAC300是德国SICK公司的一款多通道气体分析仪,主要用于工业环境中对多种气体浓度的实时监测和分析。 SICK MEAC300存在安全漏洞,该漏洞源于标准用户以管理员权限启动应用且存储管理员凭证,会导致EPC2用户权限提升至管理员级。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SICK AG | SICK MEAC300 | 0 ~ 4.0.54.21 | - |
II. Public POCs for CVE-2025-0867
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-0867
请登录查看更多情报信息。
Same Patch Batch · SICK AG · 2025-02-14 · 3 CVEs total
| CVE-2025-0592 | 8.8 HIGH | SICK Lector8xx and InspectorP8xx vulnerable for code execution |
| CVE-2025-0593 | 8.8 HIGH | SICK Lector8xx and InspectorP8xx vulnerable for code execution |
IV. Related Vulnerabilities
Same weakness: CWE-522
- CVE-2026-42295
Argo Workflows: Exposure of artifact repository credentials - CVE-2026-41506
go-git Credential leak via cross-host redirect in smart HTTP - CVE-2025-62345
HCL BigFix RunBookAI is affected by a Continued availability - CVE-2026-23927
Agent 2 Oracle plugin TNS connection string injection via th - CVE-2026-42367
GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege
V. Comments for CVE-2025-0867
No comments yet