CVE-2025-58583 (GCVE-0-2025-58583)
Vulnerability from cvelistv5 – Published: 2025-10-06 06:52 – Updated: 2025-10-06 16:56
Title
User Enumeration
Summary
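The application provides access to a login-protected H2 database for caching purposes. The username is prefilled, so anyone who can reach the login page learns a valid account name without authenticating; this is why the record is titled "User Enumeration" and classified as CWE-497.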
Severity
5.3 (Medium)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://sick.com/psirt | x_SICK PSIRT Security Advisories |
| https://www.sick.com/media/docs/9/19/719/special_… | x_SICK Operating Guidelines |
| https://www.cisa.gov/resources-tools/resources/ic… | x_ICS-CERT recommended practices on Industrial Security |
| https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
| https://www.sick.com/.well-known/csaf/white/2025/… | x_The canonical URL. |
| https://www.sick.com/.well-known/csaf/white/2025/… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SICK AG | Enterprise Analytics |
Affected:
all versions
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-06T16:52:06.663576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T16:56:06.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Enterprise Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe application provides access to a login protected H2 database for caching purposes. The username is prefilled.\u003c/p\u003e"
}
],
"value": "The application provides access to a login protected H2 database for caching purposes. The username is prefilled."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-06T07:10:37.403Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Security Advisories"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"x_The canonical URL."
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"
}
],
"source": {
"advisory": "SCA-2025-0010",
"discovery": "INTERNAL"
},
"title": "User Enumeration",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.\u003c/p\u003e"
}
],
"value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices."
}
],
"x_generator": {
"engine": "csaf2cve 0.2.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-58583",
"datePublished": "2025-10-06T06:52:03.916Z",
"dateReserved": "2025-09-03T08:58:14.355Z",
"dateUpdated": "2025-10-06T16:56:06.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-58583",
"date": "2026-05-26",
"epss": "0.00083",
"percentile": "0.24103"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58583\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2025-10-06T07:15:34.890\",\"lastModified\":\"2026-01-27T16:14:44.703\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The application provides access to a login protected H2 database for caching purposes. The username is prefilled.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-497\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:enterprise_analytics:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04E8EA78-2780-40C0-B5BA-6CF99DE6355B\"}]}]}],\"references\":[{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\",\"source\":\"psirt@sick.de\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://www.first.org/cvss/calculator/3.1\",\"source\":\"psirt@sick.de\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf\",\"source\":\"psirt@sick.de\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58583\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-06T16:52:06.663576Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-06T16:55:22.359Z\"}}], \"cna\": {\"title\": \"User Enumeration\", \"source\": {\"advisory\": \"SCA-2025-0010\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"temporalScore\": 5.3, \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"temporalSeverity\": \"MEDIUM\", \"availabilityImpact\": \"NONE\", \"environmentalScore\": 5.3, \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\", \"environmentalSeverity\": \"MEDIUM\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SICK AG\", \"product\": \"Enterprise Analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://sick.com/psirt\", \"tags\": [\"x_SICK PSIRT Security Advisories\"]}, {\"url\": \"https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf\", \"tags\": [\"x_SICK Operating Guidelines\"]}, {\"url\": \"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\", \"tags\": [\"x_ICS-CERT recommended practices on Industrial Security\"]}, {\"url\": 
\"https://www.first.org/cvss/calculator/3.1\", \"tags\": [\"x_CVSS v3.1 Calculator\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json\", \"tags\": [\"x_The canonical URL.\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\u201dSICK Operating Guidelines\\u201d and \\u201dICS-CERT recommended practices on Industrial Security\\u201d could help to implement the general security practices.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003ePlease make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\u201dSICK Operating Guidelines\\u201d and \\u201dICS-CERT recommended practices on Industrial Security\\u201d could help to implement the general security practices.\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"csaf2cve 0.2.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The application provides access to a login protected H2 database for caching purposes. The username is prefilled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe application provides access to a login protected H2 database for caching purposes. 
The username is prefilled.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-497\", \"description\": \"CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere\"}]}], \"providerMetadata\": {\"orgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"shortName\": \"SICK AG\", \"dateUpdated\": \"2025-10-06T07:10:37.403Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58583\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-06T16:56:06.556Z\", \"dateReserved\": \"2025-09-03T08:58:14.355Z\", \"assignerOrgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"datePublished\": \"2025-10-06T06:52:03.916Z\", \"assignerShortName\": \"SICK AG\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
FKIE_CVE-2025-58583
Vulnerability from fkie_nvd - Published: 2025-10-06 07:15 - Updated: 2026-01-27 16:14
Severity
Summary
The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | enterprise_analytics | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:enterprise_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04E8EA78-2780-40C0-B5BA-6CF99DE6355B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The application provides access to a login protected H2 database for caching purposes. The username is prefilled."
}
],
"id": "CVE-2025-58583",
"lastModified": "2026-01-27T16:14:44.703",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@sick.de",
"type": "Secondary"
}
]
},
"published": "2025-10-06T07:15:34.890",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"
},
{
"source": "psirt@sick.de",
"tags": [
"Product"
],
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-497"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
GHSA-P257-PMP8-466J
Vulnerability from github – Published: 2025-10-06 09:30 – Updated: 2025-10-06 09:30
Details
The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
Severity
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-58583"
],
"database_specific": {
"cwe_ids": [
"CWE-497"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-06T07:15:34Z",
"severity": "MODERATE"
},
"details": "The application provides access to a login protected H2 database for caching purposes. The username is prefilled.",
"id": "GHSA-p257-pmp8-466j",
"modified": "2025-10-06T09:30:19Z",
"published": "2025-10-06T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58583"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"
},
{
"type": "WEB",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
SCA-2025-0010
Vulnerability from csaf_sick - Published: 2025-10-02 13:00 - Updated: 2026-05-13 13:00
Summary
Multiple vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics Products
Notes
summary: SICK has found multiple vulnerabilities in SICK Enterprise Analytics and the SICK Logistic Analytics products. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the products. Therefore it is strongly recommended to apply general security practices when operating the products. Currently, SICK is not aware of any public exploits.
General Security Measures: As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification: SICK performs vulnerability classification by using the CVSS scoring system (CVSS v3.1). The environmental score depends on the customer's environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to arrive at a final score.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
4.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics all versions
SICK AG / Logistic Analytics / Baggage Analytics
|
vers:all/* |
Workaround
|
|
|
SICK Tire Analytics all versions
SICK AG / Logistic Analytics / Tire Analytics
|
vers:all/* |
Workaround
|
|
|
SICK Package Analytics all versions
SICK AG / Logistic Analytics / Package Analytics
|
vers:all/* |
Workaround
|
|
|
SICK Logistic Diagnostic Analytics all versions
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
vers:all/* |
Workaround
|
|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.2
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.2 | ||
|
SICK Tire Analytics 4.6.2
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.2 | ||
|
SICK Package Analytics 4.6.2
SICK AG / Logistic Analytics / Package Analytics
|
4.6.2 | ||
|
SICK Logistic Diagnostic Analytics 4.6.2
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.2 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.2
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.2 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.2
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.2 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.2
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.2 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.2
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.2 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.2
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.2 | ||
|
SICK Tire Analytics 4.6.2
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.2 | ||
|
SICK Package Analytics 4.6.2
SICK AG / Logistic Analytics / Package Analytics
|
4.6.2 | ||
|
SICK Logistic Diagnostic Analytics 4.6.2
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.2 |
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
4.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK has found multiple vulnerabilities in SICK Enterprise Analytics and the SICK Logistic Analytics products. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the products. Therefore it is strongly recommended to apply general security practices when operating the products. Currently, SICK is not aware of any public exploits.",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access and following recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"
}
],
"title": "Multiple vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics Products",
"tracking": {
"current_release_date": "2026-05-13T13:00:00.000Z",
"generator": {
"date": "2026-05-13T11:19:05.657Z",
"engine": {
"name": "Secvisogram",
"version": "2.6.1"
}
},
"id": "SCA-2025-0010",
"initial_release_date": "2025-10-02T13:00:00.000Z",
"revision_history": [
{
"date": "2025-10-02T13:00:00.000Z",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-13T10:00:00.000Z",
"number": "2",
"summary": "Fixes for the products Baggage Analytics, Package Analytics, Tire Analytics, Logistic Diagnostic Analytics."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Enterprise Analytics all versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Enterprise Analytics"
}
],
"category": "product_family",
"name": "Analytics Solutions"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.2",
"product": {
"name": "SICK Baggage Analytics \u003c 4.6.2",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version_range",
"name": "\u003c 4.6.3",
"product": {
"name": "SICK Baggage Analytics \u003c 4.6.3",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version",
"name": "4.6.2",
"product": {
"name": "SICK Baggage Analytics 4.6.2",
"product_id": "CSAFPID-0004"
}
},
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "SICK Baggage Analytics 4.6.3",
"product_id": "CSAFPID-0005"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Baggage Analytics all versions",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Baggage Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.2",
"product": {
"name": "SICK Tire Analytics \u003c 4.6.2",
"product_id": "CSAFPID-0006"
}
},
{
"category": "product_version_range",
"name": "\u003c 4.6.3",
"product": {
"name": "SICK Tire Analytics \u003c 4.6.3",
"product_id": "CSAFPID-0007"
}
},
{
"category": "product_version",
"name": "4.6.2",
"product": {
"name": "SICK Tire Analytics 4.6.2",
"product_id": "CSAFPID-0008"
}
},
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "SICK Tire Analytics 4.6.3",
"product_id": "CSAFPID-0009"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Tire Analytics all versions",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Tire Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.2",
"product": {
"name": "SICK Package Analytics \u003c 4.6.2",
"product_id": "CSAFPID-0010"
}
},
{
"category": "product_version_range",
"name": "\u003c 4.6.3",
"product": {
"name": "SICK Package Analytics \u003c 4.6.3",
"product_id": "CSAFPID-0011"
}
},
{
"category": "product_version",
"name": "4.6.2",
"product": {
"name": "SICK Package Analytics 4.6.2",
"product_id": "CSAFPID-0012"
}
},
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "SICK Package Analytics 4.6.3",
"product_id": "CSAFPID-0013"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Package Analytics all versions",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Package Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.2",
"product": {
"name": "SICK Logistic Diagnostic Analytics \u003c 4.6.2",
"product_id": "CSAFPID-0014"
}
},
{
"category": "product_version_range",
"name": "\u003c 4.6.3",
"product": {
"name": "SICK Logistic Diagnostic Analytics \u003c 4.6.3",
"product_id": "CSAFPID-0015"
}
},
{
"category": "product_version",
"name": "4.6.2",
"product": {
"name": "SICK Logistic Diagnostic Analytics 4.6.2",
"product_id": "CSAFPID-0016"
}
},
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "SICK Logistic Diagnostic Analytics 4.6.3",
"product_id": "CSAFPID-0017"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Logistic Diagnostic Analytics all versions",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Logistic Diagnostic Analytics"
}
],
"category": "product_family",
"name": "Logistic Analytics"
}
],
"category": "vendor",
"name": "SICK AG"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9914",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The credentials of the users stored in the system\u0027s local database can be used to log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Authentication with database users is possible"
},
{
"cve": "CVE-2025-9913",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "JavaScript can be run inside the address bar via the dashboard \"Open in new Tab\" button, making the application vulnerable to session hijacking.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 4.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Cross Site Scripting: Session Hijacking"
},
{
"cve": "CVE-2025-58587",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201cSICK Operating Guidelines\u201d and \u201cICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
]
}
],
"title": "Improper Restriction of Excessive Authentication Attempts"
},
{
"cve": "CVE-2025-49184",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A remote unauthorized attacker may gather sensitive information about the application because authorization is missing for configuration settings of the product.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201cSICK Operating Guidelines\u201d and \u201cICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0001"
]
}
],
"title": "Information Disclosure to Unauthorized User"
},
{
"cve": "CVE-2025-58589",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 2.7,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 2.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Information Disclosure Through Stacktrace - /User/User"
},
{
"cve": "CVE-2025-58590",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "It\u0027s possible to brute force folders and files, which can be used by an attacker to steal sensitive information.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0012",
"CSAFPID-0016"
],
"known_affected": [
"CSAFPID-0002",
"CSAFPID-0006",
"CSAFPID-0010",
"CSAFPID-0014"
],
"recommended": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0012",
"CSAFPID-0016"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update to the latest version (\u003e= 4.6.2).",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006",
"CSAFPID-0010",
"CSAFPID-0014"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0006",
"CSAFPID-0010",
"CSAFPID-0014"
]
}
],
"title": "Path traversal \u2013 get list of files and folders"
},
{
"cve": "CVE-2025-58591",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A remote, unauthorized attacker can brute force folders and files and read their contents, such as private keys or configurations, making the application vulnerable to the gathering of sensitive information.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Path Traversal \u2013 Read File Content"
},
{
"cve": "CVE-2025-58584",
"cwe": {
"id": "CWE-598",
"name": "Use of GET Request Method With Sensitive Query Strings"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201cSICK Operating Guidelines\u201d and \u201cICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
]
}
],
"title": "Plain Text Transmission of Username and Password in the URL"
},
{
"cve": "CVE-2025-58585",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Sensitive Information Disclosure Through Missing Authentication"
},
{
"cve": "CVE-2025-58586",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201cSICK Operating Guidelines\u201d and \u201cICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
]
}
],
"title": "User Enumeration"
},
{
"cve": "CVE-2025-58579",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable to user enumeration.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201cSICK Operating Guidelines\u201d and \u201cICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
]
}
],
"title": "Username Disclosure Through Missing Authentication"
},
{
"cve": "CVE-2025-58583",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application provides access to a login protected H2 database for caching purposes. The username is prefilled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "H2 \u2013 User Enumeration"
},
{
"cve": "CVE-2025-58581",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Information Disclosure Through Stacktrace-/MQTT/Config/changeAll"
},
{
"cve": "CVE-2025-58580",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Injection via log file"
},
{
"cve": "CVE-2025-58582",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "If a user tries to log in but the provided credentials are incorrect, a log entry is created. The data for this POST request is not validated and it\u2019s possible to send giant payloads which are then logged.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Uncontrolled Resource Consumption via log file"
},
{
"cve": "CVE-2025-58578",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 3.8,
"environmentalSeverity": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Unlimited user creation by authorized users"
},
{
"cve": "CVE-2025-49186",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "No Brute-Force Protection"
},
{
"cve": "CVE-2025-49193",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by, e.g., preventing the application from being displayed in an iframe (clickjacking attacks) or preventing injected malicious JavaScript code from executing (XSS attacks).",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.2,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Missing HTTP Security Headers"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.