CVE-2025-49183 | THREATINT

Description

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.

PUBLISHED Reserved 2025-06-03 | Published 2025-06-12 | Updated 2025-06-13 | Assigner SICK AG

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-319 Cleartext Transmission of Sensitive Information

Product status

Default status

affected

all versions (custom)

affected

References

sick.com/psirt

cdn.sick.com/...ation_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

www.cisa.gov/...es-tools/resources/ics-recommended-practices

www.first.org/cvss/calculator/3.1

www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf vendor-advisory

www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json vendor-advisory

cve.org (CVE-2025-49183)

nvd.nist.gov (CVE-2025-49183)

Download JSON