Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-49183 (GCVE-0-2025-49183)
Vulnerability from cvelistv5 – Published: 2025-06-12 13:21 – Updated: 2025-06-13 08:18
VLAI?
EPSS
Title
Unencrypted communication (HTTP)
Summary
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://sick.com/psirt | x_SICK PSIRT Website |
| https://cdn.sick.com/media/docs/1/11/411/Special_… | x_SICK Operating Guidelines |
| https://www.cisa.gov/resources-tools/resources/ic… | x_ICS-CERT recommended practices on Industrial Security |
| https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
| https://www.sick.com/.well-known/csaf/white/2025/… | vendor-advisory |
| https://www.sick.com/.well-known/csaf/white/2025/… | vendor-advisoryx_csaf |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T13:45:46.280576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T13:45:50.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003e\n\n\u003ccode\u003eAll communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.\u003c/code\u003e\n\n\u003c/code\u003e"
}
],
"value": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T08:18:11.333Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Unencrypted communication (HTTP)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49183",
"datePublished": "2025-06-12T13:21:57.463Z",
"dateReserved": "2025-06-03T05:55:52.772Z",
"dateUpdated": "2025-06-13T08:18:11.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-49183",
"date": "2026-05-12",
"epss": "0.00209",
"percentile": "0.43111"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-49183\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2025-06-12T14:15:30.580\",\"lastModified\":\"2026-01-29T17:59:18.600\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.\"},{\"lang\":\"es\",\"value\":\"Toda la comunicaci\u00f3n con la API REST no est\u00e1 cifrada (HTTP), lo que permite a un atacante interceptar el tr\u00e1fico entre un actor y el servidor web. Esto permite la recopilaci\u00f3n de informaci\u00f3n y la descarga de archivos multimedia.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-319\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A30940D7-F22D-415A-94A3-493D531514BB\"}]}]}],\"references\":[{\"url\":\"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\",\"source\":\"psirt@sick.de\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\",\"source\":\"psirt@sick.de\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://www.first.org/cvss/calculator/3.1\",\"source\":\"psirt@sick.de\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49183\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-12T13:45:46.280576Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-12T13:45:48.082Z\"}}], \"cna\": {\"title\": \"Unencrypted communication (HTTP)\", \"source\": {\"advisory\": \"sca-2025-0007\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SICK AG\", \"product\": \"SICK Media Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://sick.com/psirt\", \"tags\": [\"x_SICK PSIRT Website\"]}, {\"url\": \"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\", \"tags\": [\"x_SICK Operating Guidelines\"]}, {\"url\": \"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\", \"tags\": [\"x_ICS-CERT recommended practices on Industrial Security\"]}, {\"url\": \"https://www.first.org/cvss/calculator/3.1\", \"tags\": [\"x_CVSS v3.1 Calculator\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json\", \"tags\": [\"vendor-advisory\", \"x_csaf\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ccode\u003e\\n\\n\u003ccode\u003eAll communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.\u003c/code\u003e\\n\\n\u003c/code\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-319\", \"description\": \"CWE-319 Cleartext Transmission of Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"shortName\": \"SICK AG\", \"dateUpdated\": \"2025-06-13T08:18:11.333Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-49183\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-13T08:18:11.333Z\", \"dateReserved\": \"2025-06-03T05:55:52.772Z\", \"assignerOrgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"datePublished\": \"2025-06-12T13:21:57.463Z\", \"assignerShortName\": \"SICK AG\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-49183
Vulnerability from fkie_nvd - Published: 2025-06-12 14:15 - Updated: 2026-01-29 17:59
Severity ?
Summary
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | media_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30940D7-F22D-415A-94A3-493D531514BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files."
},
{
"lang": "es",
"value": "Toda la comunicaci\u00f3n con la API REST no est\u00e1 cifrada (HTTP), lo que permite a un atacante interceptar el tr\u00e1fico entre un actor y el servidor web. Esto permite la recopilaci\u00f3n de informaci\u00f3n y la descarga de archivos multimedia."
}
],
"id": "CVE-2025-49183",
"lastModified": "2026-01-29T17:59:18.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@sick.de",
"type": "Secondary"
}
]
},
"published": "2025-06-12T14:15:30.580",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
GHSA-RPP7-MXQC-MP33
Vulnerability from github – Published: 2025-06-12 15:31 – Updated: 2025-06-12 15:31
VLAI?
Details
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2025-49183"
],
"database_specific": {
"cwe_ids": [
"CWE-319"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-12T14:15:30Z",
"severity": "HIGH"
},
"details": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.",
"id": "GHSA-rpp7-mxqc-mp33",
"modified": "2025-06-12T15:31:22Z",
"published": "2025-06-12T15:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49183"
},
{
"type": "WEB",
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
SCA-2025-0007
Vulnerability from csaf_sick - Published: 2025-06-12 13:00 - Updated: 2025-06-12 13:00Summary
Multiple vulnerabilities in SICK Field Analytics and SICK Media Server
Notes
summary: SICK has found multiple vulnerabilities in the products SICK Field Analytics and SICK Media Server. The vulnerabilities could potentially affect the confidentiality, integrity an availability of the products. Therefore it is strongly recommended to apply general security practices when operating the products. Currently SICK is not aware of any public exploits.
General Security Measures: As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification: SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
8.6 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Mitigation
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
5.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
4.8 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
4.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
4.2 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
CWE-330
- Use of Insufficiently Random Values
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK has found multiple vulnerabilities in the products SICK Field Analytics and SICK Media Server. The vulnerabilities could potentially affect the confidentiality, integrity an availability of the products. Therefore it is strongly recommended to apply general security practices when operating the products. Currently SICK is not aware of any public exploits.",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"title": "Multiple vulnerabilities in SICK Field Analytics and SICK Media Server",
"tracking": {
"current_release_date": "2025-06-12T13:00:00.000Z",
"generator": {
"date": "2025-06-12T12:05:52.309Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.27"
}
},
"id": "SCA-2025-0007",
"initial_release_date": "2025-06-12T13:00:00.000Z",
"revision_history": [
{
"date": "2025-06-12T13:00:00.000Z",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-30T07:30:49.000Z",
"number": "2",
"summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Field Analytics all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1613101"
]
}
}
}
],
"category": "product_name",
"name": "Field Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Media Server all versions",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version_range",
"name": "\u003c= 1.4",
"product": {
"name": "SICK Media Server \u003c= 1.4",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version",
"name": "1.5",
"product": {
"name": "SICK Media Server 1.5",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Media Server"
}
],
"category": "vendor",
"name": "SICK AG"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-49181",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files\u0027 root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is possible to enable the authorization of the API endpoint via licence. Please contact your support to get a licence with API authorization enabled.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.6,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.6,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Web Content - Configurations endpoint does not require authorization"
},
{
"cve": "CVE-2025-49182",
"cwe": {
"id": "CWE-540",
"name": "Inclusion of Sensitive Information in Source Code"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0003"
],
"recommended": [
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5). It is also advised to change the default passwords.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Web Content - Credential disclosure"
},
{
"cve": "CVE-2025-49183",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Web Content - Unencrypted communication (HTTP)"
},
{
"cve": "CVE-2025-49184",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Information disclosure to unauthorized user"
},
{
"cve": "CVE-2025-49185",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Stored Cross-Site-Script"
},
{
"cve": "CVE-2025-49186",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "It is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make also sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "Web Content - No brute-force protection"
},
{
"cve": "CVE-2025-49187",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "It is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - User enumeration"
},
{
"cve": "CVE-2025-49188",
"cwe": {
"id": "CWE-598",
"name": "Use of GET Request Method With Sensitive Query Strings"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Sensitive Data in URL"
},
{
"cve": "CVE-2025-49189",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5).",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Web Content - Cookie missing HttpOnly flag"
},
{
"cve": "CVE-2025-49190",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Server-Side Request Forgery"
},
{
"cve": "CVE-2025-49191",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 4.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Dashboards and iFrames can link malicious web content"
},
{
"cve": "CVE-2025-49192",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5).",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0003"
]
}
],
"title": "Web Content - Clickjacking"
},
{
"cve": "CVE-2025-49193",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5).",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.2,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0003"
]
}
],
"title": "Web Content - Missing HTTP Security Headers"
},
{
"cve": "CVE-2025-49194",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "FTP Server - Unencrypted communication"
},
{
"cve": "CVE-2025-49195",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The FTP server\u2019s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "It is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "FTP Server - No protection against brute-force attacks"
},
{
"cve": "CVE-2025-49196",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": " Cryptography - Deprecated TLS version supported"
},
{
"cve": "CVE-2025-49197",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0003"
],
"recommended": [
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to upgrade to the latest version.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Cryptography - Weak password hash"
},
{
"cve": "CVE-2025-49198",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.1,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.1,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Cryptography - Poor quality of randomness in authorization tokens"
},
{
"cve": "CVE-2025-49199",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Backup - Backup files can be modified and uploaded"
},
{
"cve": "CVE-2025-49200",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files. ",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Backup - Unencrypted backup contains sensitive information"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…