Search criteria
21 vulnerabilities found for media_server by sick
CVE-2025-49198 (GCVE-0-2025-49198)
Vulnerability from nvd – Published: 2025-06-12 14:24 – Updated: 2025-06-17 19:02
VLAI?
Title
Poor quality of randomness in authorization tokens
Summary
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.
Severity ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:39:42.450840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:02:49.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.\u003c/code\u003e"
}
],
"value": "The Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T08:21:10.652Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Poor quality of randomness in authorization tokens",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49198",
"datePublished": "2025-06-12T14:24:55.991Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-06-17T19:02:49.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49197 (GCVE-0-2025-49197)
Vulnerability from nvd – Published: 2025-06-12 14:23 – Updated: 2025-06-17 19:03
VLAI?
Title
Deprecated TLS version supported
Summary
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.
Severity ?
6.5 (Medium)
CWE
- CWE-328 - Use of Weak Hash
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
0 , < 1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:39:19.530150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:03:20.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.\u003c/code\u003e"
}
],
"value": "The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328 Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:23:04.373Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eIt is strongly recommended to upgrade to the latest version.\u003c/code\u003e"
}
],
"value": "It is strongly recommended to upgrade to the latest version."
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Deprecated TLS version supported",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49197",
"datePublished": "2025-06-12T14:23:04.373Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-06-17T19:03:20.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49194 (GCVE-0-2025-49194)
Vulnerability from nvd – Published: 2025-06-12 14:17 – Updated: 2025-06-13 06:14
VLAI?
Title
Unencrypted communication
Summary
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:33:26.949270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:33:30.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.\u003c/code\u003e"
}
],
"value": "The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T06:14:44.270Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Unencrypted communication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49194",
"datePublished": "2025-06-12T14:17:36.499Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-06-13T06:14:44.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49195 (GCVE-0-2025-49195)
Vulnerability from nvd – Published: 2025-06-12 14:19 – Updated: 2025-06-13 06:16
VLAI?
Title
No protection against brute-force attacks
Summary
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.
Severity ?
5.3 (Medium)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:33:13.998394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:33:17.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe FTP server\u2019s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.\u003c/code\u003e"
}
],
"value": "The FTP server\u2019s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T06:16:40.051Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "No protection against brute-force attacks",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eIt is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "It is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49195",
"datePublished": "2025-06-12T14:19:21.686Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-06-13T06:16:40.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49193 (GCVE-0-2025-49193)
Vulnerability from nvd – Published: 2025-06-12 14:15 – Updated: 2025-10-06 07:23
VLAI?
Title
Missing HTTP Security Headers
Summary
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
Severity ?
4.2 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SICK AG | Field Analytics |
Affected:
all versions
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:33:45.757872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:33:49.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Field Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Media Server",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Baggage Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all version"
}
]
},
{
"defaultStatus": "affected",
"product": "Tire Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all version"
}
]
},
{
"defaultStatus": "affected",
"product": "Package Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "affected",
"product": "Logistic Diagnostic Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).\u003c/code\u003e"
}
],
"value": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T07:23:25.144Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eMedia Server: Users are strongly recommended to upgrade to the latest release of Media Server (\u0026gt;= 1.5).\u003c/code\u003e"
}
],
"value": "Media Server: Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5)."
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Missing HTTP Security Headers",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eField Analytics: Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Field Analytics: Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49193",
"datePublished": "2025-06-12T14:15:07.492Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-10-06T07:23:25.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49183 (GCVE-0-2025-49183)
Vulnerability from nvd – Published: 2025-06-12 13:21 – Updated: 2025-06-13 08:18
VLAI?
Title
Unencrypted communication (HTTP)
Summary
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T13:45:46.280576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T13:45:50.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003e\n\n\u003ccode\u003eAll communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.\u003c/code\u003e\n\n\u003c/code\u003e"
}
],
"value": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T08:18:11.333Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Unencrypted communication (HTTP)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49183",
"datePublished": "2025-06-12T13:21:57.463Z",
"dateReserved": "2025-06-03T05:55:52.772Z",
"dateUpdated": "2025-06-13T08:18:11.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49182 (GCVE-0-2025-49182)
Vulnerability from nvd – Published: 2025-06-12 13:15 – Updated: 2025-06-16 16:46
VLAI?
Title
Credential disclosure
Summary
Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
Severity ?
7.5 (High)
CWE
- CWE-540 - Inclusion of Sensitive Information in Source Code
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
0 , < 1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T13:25:28.200651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:46:15.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eFiles in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.\u003c/code\u003e"
}
],
"value": "Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "CWE-540 Inclusion of Sensitive Information in Source Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T08:17:26.780Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5). It is also advised to change the default passwords."
}
],
"value": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5). It is also advised to change the default passwords."
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Credential disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49182",
"datePublished": "2025-06-12T13:15:02.172Z",
"dateReserved": "2025-06-03T05:55:52.772Z",
"dateUpdated": "2025-06-16T16:46:15.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-49198
Vulnerability from fkie_nvd - Published: 2025-06-12 15:15 - Updated: 2026-01-26 19:27
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | media_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30940D7-F22D-415A-94A3-493D531514BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens."
},
{
"lang": "es",
"value": "Los tokens de autorizaci\u00f3n del servidor multimedia presentan una aleatoriedad deficiente. Un atacante podr\u00eda adivinar el token de un usuario activo calculando tokens plausibles."
}
],
"id": "CVE-2025-49198",
"lastModified": "2026-01-26T19:27:02.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "psirt@sick.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-12T15:15:40.113",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-330"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49194
Vulnerability from fkie_nvd - Published: 2025-06-12 15:15 - Updated: 2026-01-26 19:29
Severity ?
Summary
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | media_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30940D7-F22D-415A-94A3-493D531514BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed."
},
{
"lang": "es",
"value": "El servidor admite m\u00e9todos de autenticaci\u00f3n que env\u00edan las credenciales en texto plano a trav\u00e9s de canales sin cifrar. Si un atacante interceptara el tr\u00e1fico entre un cliente y este servidor, las credenciales quedar\u00edan expuestas."
}
],
"id": "CVE-2025-49194",
"lastModified": "2026-01-26T19:29:18.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@sick.de",
"type": "Secondary"
}
]
},
"published": "2025-06-12T15:15:39.573",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49197
Vulnerability from fkie_nvd - Published: 2025-06-12 15:15 - Updated: 2026-01-26 19:27
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | media_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "818583F6-0347-4D38-863F-5D1C391C427E",
"versionEndExcluding": "1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n utiliza una funci\u00f3n hash de contrase\u00f1a d\u00e9bil, lo que permite a un atacante descifrar el hash de contrase\u00f1a d\u00e9bil para obtener acceso a una cuenta de usuario FTP."
}
],
"id": "CVE-2025-49197",
"lastModified": "2026-01-26T19:27:39.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@sick.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-12T15:15:39.987",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-328"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49193
Vulnerability from fkie_nvd - Published: 2025-06-12 15:15 - Updated: 2026-01-26 19:30
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | baggage_analytics | * | |
| sick | field_analytics | * | |
| sick | logistic_diagnostic_analytics | * | |
| sick | media_server | * | |
| sick | package_analytics | * | |
| sick | tire_analytics | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E62416BA-1BF1-43BD-98B2-57BD34128419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:field_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62EE84A7-E93D-411E-A6FC-4BEE5F4CD16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27031959-2981-4755-9E3D-02CD083F2B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "818583F6-0347-4D38-863F-5D1C391C427E",
"versionEndExcluding": "1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5955214B-0D71-449A-BFD4-8804FDF91CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86C0BA69-E701-45A3-ADA5-130B8AD9DF15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks)."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n no implementa varios encabezados de seguridad. Estos encabezados ayudan a aumentar el nivel general de seguridad de la aplicaci\u00f3n web, por ejemplo, impidiendo que la aplicaci\u00f3n se muestre en un iFrame (ataques de clickjacking) o que se ejecute c\u00f3digo JavaScript malicioso inyectado (ataques XSS)."
}
],
"id": "CVE-2025-49193",
"lastModified": "2026-01-26T19:30:49.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "psirt@sick.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-12T15:15:39.433",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49195
Vulnerability from fkie_nvd - Published: 2025-06-12 15:15 - Updated: 2026-01-26 19:28
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | media_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30940D7-F22D-415A-94A3-493D531514BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FTP server\u2019s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server."
},
{
"lang": "es",
"value": "El mecanismo de inicio de sesi\u00f3n del servidor FTP no restringe los intentos de autenticaci\u00f3n, lo que permite a un atacante forzar las contrase\u00f1as de los usuarios y comprometer potencialmente el servidor FTP."
}
],
"id": "CVE-2025-49195",
"lastModified": "2026-01-26T19:28:52.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@sick.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-12T15:15:39.713",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-307"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49182
Vulnerability from fkie_nvd - Published: 2025-06-12 14:15 - Updated: 2026-01-29 17:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | media_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "818583F6-0347-4D38-863F-5D1C391C427E",
"versionEndExcluding": "1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application."
},
{
"lang": "es",
"value": "Los archivos en el c\u00f3digo fuente contienen credenciales de inicio de sesi\u00f3n para el usuario administrador y la contrase\u00f1a de configuraci\u00f3n de la propiedad, lo que permite a un atacante obtener acceso completo a la aplicaci\u00f3n."
}
],
"id": "CVE-2025-49182",
"lastModified": "2026-01-29T17:59:50.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@sick.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-12T14:15:30.437",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-540"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-49183
Vulnerability from fkie_nvd - Published: 2025-06-12 14:15 - Updated: 2026-01-29 17:59
Severity ?
Summary
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | media_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A30940D7-F22D-415A-94A3-493D531514BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files."
},
{
"lang": "es",
"value": "Toda la comunicaci\u00f3n con la API REST no est\u00e1 cifrada (HTTP), lo que permite a un atacante interceptar el tr\u00e1fico entre un actor y el servidor web. Esto permite la recopilaci\u00f3n de informaci\u00f3n y la descarga de archivos multimedia."
}
],
"id": "CVE-2025-49183",
"lastModified": "2026-01-29T17:59:18.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@sick.de",
"type": "Secondary"
}
]
},
"published": "2025-06-12T14:15:30.580",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
CVE-2025-49198 (GCVE-0-2025-49198)
Vulnerability from cvelistv5 – Published: 2025-06-12 14:24 – Updated: 2025-06-17 19:02
VLAI?
Title
Poor quality of randomness in authorization tokens
Summary
The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.
Severity ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:39:42.450840Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:02:49.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.\u003c/code\u003e"
}
],
"value": "The Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T08:21:10.652Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Poor quality of randomness in authorization tokens",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49198",
"datePublished": "2025-06-12T14:24:55.991Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-06-17T19:02:49.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49197 (GCVE-0-2025-49197)
Vulnerability from cvelistv5 – Published: 2025-06-12 14:23 – Updated: 2025-06-17 19:03
VLAI?
Title
Deprecated TLS version supported
Summary
The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.
Severity ?
6.5 (Medium)
CWE
- CWE-328 - Use of Weak Hash
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
0 , < 1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:39:19.530150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T19:03:20.901Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.\u003c/code\u003e"
}
],
"value": "The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-328",
"description": "CWE-328 Use of Weak Hash",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:23:04.373Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eIt is strongly recommended to upgrade to the latest version.\u003c/code\u003e"
}
],
"value": "It is strongly recommended to upgrade to the latest version."
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Deprecated TLS version supported",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49197",
"datePublished": "2025-06-12T14:23:04.373Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-06-17T19:03:20.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49195 (GCVE-0-2025-49195)
Vulnerability from cvelistv5 – Published: 2025-06-12 14:19 – Updated: 2025-06-13 06:16
VLAI?
Title
No protection against brute-force attacks
Summary
The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.
Severity ?
5.3 (Medium)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:33:13.998394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:33:17.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe FTP server\u2019s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.\u003c/code\u003e"
}
],
"value": "The FTP server\u2019s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T06:16:40.051Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "No protection against brute-force attacks",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eIt is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "It is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49195",
"datePublished": "2025-06-12T14:19:21.686Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-06-13T06:16:40.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49194 (GCVE-0-2025-49194)
Vulnerability from cvelistv5 – Published: 2025-06-12 14:17 – Updated: 2025-06-13 06:14
VLAI?
Title
Unencrypted communication
Summary
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:33:26.949270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:33:30.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.\u003c/code\u003e"
}
],
"value": "The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T06:14:44.270Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Unencrypted communication",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49194",
"datePublished": "2025-06-12T14:17:36.499Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-06-13T06:14:44.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49193 (GCVE-0-2025-49193)
Vulnerability from cvelistv5 – Published: 2025-06-12 14:15 – Updated: 2025-10-06 07:23
VLAI?
Title
Missing HTTP Security Headers
Summary
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
Severity ?
4.2 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SICK AG | Field Analytics |
Affected:
all versions
(custom)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:33:45.757872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:33:49.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Field Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Media Server",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Baggage Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all version"
}
]
},
{
"defaultStatus": "affected",
"product": "Tire Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all version"
}
]
},
{
"defaultStatus": "affected",
"product": "Package Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"defaultStatus": "affected",
"product": "Logistic Diagnostic Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).\u003c/code\u003e"
}
],
"value": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T07:23:25.144Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eMedia Server: Users are strongly recommended to upgrade to the latest release of Media Server (\u0026gt;= 1.5).\u003c/code\u003e"
}
],
"value": "Media Server: Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5)."
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Missing HTTP Security Headers",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eField Analytics: Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Field Analytics: Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49193",
"datePublished": "2025-06-12T14:15:07.492Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2025-10-06T07:23:25.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49183 (GCVE-0-2025-49183)
Vulnerability from cvelistv5 – Published: 2025-06-12 13:21 – Updated: 2025-06-13 08:18
VLAI?
Title
Unencrypted communication (HTTP)
Summary
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
Severity ?
7.5 (High)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49183",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T13:45:46.280576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T13:45:50.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003e\n\n\u003ccode\u003eAll communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.\u003c/code\u003e\n\n\u003c/code\u003e"
}
],
"value": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T08:18:11.333Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Unencrypted communication (HTTP)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49183",
"datePublished": "2025-06-12T13:21:57.463Z",
"dateReserved": "2025-06-03T05:55:52.772Z",
"dateUpdated": "2025-06-13T08:18:11.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49182 (GCVE-0-2025-49182)
Vulnerability from cvelistv5 – Published: 2025-06-12 13:15 – Updated: 2025-06-16 16:46
VLAI?
Title
Credential disclosure
Summary
Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.
Severity ?
7.5 (High)
CWE
- CWE-540 - Inclusion of Sensitive Information in Source Code
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SICK AG | SICK Media Server |
Affected:
0 , < 1.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T13:25:28.200651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T16:46:15.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SICK Media Server",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eFiles in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.\u003c/code\u003e"
}
],
"value": "Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "CWE-540 Inclusion of Sensitive Information in Source Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-13T08:17:26.780Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5). It is also advised to change the default passwords."
}
],
"value": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5). It is also advised to change the default passwords."
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Credential disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49182",
"datePublished": "2025-06-12T13:15:02.172Z",
"dateReserved": "2025-06-03T05:55:52.772Z",
"dateUpdated": "2025-06-16T16:46:15.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}