CVE-2025-49184 | THREATINT

Description

A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.

PUBLISHED Reserved 2025-06-03 | Published 2025-06-12 | Updated 2025-10-06 | Assigner SICK AG

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

affected

all versions (custom)

affected

Default status

affected

all version

affected

Default status

affected

all version

affected

Default status

affected

all versions

affected

Default status

affected

all versions

affected

Default status

affected

all versions

affected

References

sick.com/psirt

cdn.sick.com/...ation_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

www.cisa.gov/...es-tools/resources/ics-recommended-practices

www.first.org/cvss/calculator/3.1

www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf vendor-advisory

www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json vendor-advisory

cve.org (CVE-2025-49184)

nvd.nist.gov (CVE-2025-49184)

Download JSON