Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-49193 (GCVE-0-2025-49193)
Vulnerability from cvelistv5 – Published: 2025-06-12 14:15 – Updated: 2026-05-13 12:01
VLAI
EPSS
Title
Missing HTTP Security Headers
Summary
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
Severity
4.2 (Medium)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://sick.com/psirt | x_SICK PSIRT Website |
| https://cdn.sick.com/media/docs/1/11/411/Special_… | x_SICK Operating Guidelines |
| https://www.cisa.gov/resources-tools/resources/ic… | x_ICS-CERT recommended practices on Industrial Security |
| https://www.first.org/cvss/calculator/3.1 | x_CVSS v3.1 Calculator |
| https://www.sick.com/.well-known/csaf/white/2025/… | vendor-advisory |
| https://www.sick.com/.well-known/csaf/white/2025/… | vendor-advisoryx_csaf |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| SICK AG | Field Analytics |
Affected:
all versions
(custom)
|
|
| SICK AG | Media Server |
Affected:
0 , < 1.5
(custom)
|
|
| SICK AG | Baggage Analytics |
Affected:
0 , < 4.6.3
(custom)
|
|
| SICK AG | Tire Analytics |
Affected:
0 , < 4.6.3
(custom)
|
|
| SICK AG | Package Analytics |
Affected:
0 , < 4.6.3
(custom)
|
|
| SICK AG | Logistic Diagnostic Analytics |
Affected:
0 , < 4.6.3
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:33:45.757872Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:33:49.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Field Analytics",
"vendor": "SICK AG",
"versions": [
{
"status": "affected",
"version": "all versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Media Server",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Baggage Analytics",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Tire Analytics",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Package Analytics",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "Logistic Diagnostic Analytics",
"vendor": "SICK AG",
"versions": [
{
"lessThan": "4.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eThe application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).\u003c/code\u003e"
}
],
"value": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T12:01:55.151Z",
"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"shortName": "SICK AG"
},
"references": [
{
"tags": [
"x_SICK PSIRT Website"
],
"url": "https://sick.com/psirt"
},
{
"tags": [
"x_SICK Operating Guidelines"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"tags": [
"x_ICS-CERT recommended practices on Industrial Security"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"tags": [
"x_CVSS v3.1 Calculator"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
},
{
"tags": [
"vendor-advisory",
"x_csaf"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eMedia Server: Users are strongly recommended to upgrade to the latest release of Media Server (\u0026gt;= 1.5).\u003c/code\u003e"
}
],
"value": "Media Server: Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5)."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "For Logistic Analytics Products: It is strongly recommended to update the product to version 4.6.3.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "For Logistic Analytics Products: It is strongly recommended to update the product to version 4.6.3."
}
],
"source": {
"advisory": "sca-2025-0007",
"discovery": "INTERNAL"
},
"title": "Missing HTTP Security Headers",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eField Analytics: Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.\u003c/code\u003e"
}
],
"value": "Field Analytics: Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988",
"assignerShortName": "SICK AG",
"cveId": "CVE-2025-49193",
"datePublished": "2025-06-12T14:15:07.492Z",
"dateReserved": "2025-06-03T05:58:15.616Z",
"dateUpdated": "2026-05-13T12:01:55.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-49193",
"date": "2026-05-26",
"epss": "0.00286",
"percentile": "0.52129"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-49193\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2025-06-12T15:15:39.433\",\"lastModified\":\"2026-01-26T19:30:49.307\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).\"},{\"lang\":\"es\",\"value\":\"La aplicaci\u00f3n no implementa varios encabezados de seguridad. Estos encabezados ayudan a aumentar el nivel general de seguridad de la aplicaci\u00f3n web, por ejemplo, impidiendo que la aplicaci\u00f3n se muestre en un iFrame (ataques de clickjacking) o que se ejecute c\u00f3digo JavaScript malicioso inyectado (ataques XSS).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"psirt@sick.de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-693\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E62416BA-1BF1-43BD-98B2-57BD34128419\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:field_analytics:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62EE84A7-E93D-411E-A6FC-4BEE5F4CD16D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27031959-2981-4755-9E3D-02CD083F2B72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.5\",\"matchCriteriaId\":\"818583F6-0347-4D38-863F-5D1C391C427E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5955214B-0D71-449A-BFD4-8804FDF91CA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86C0BA69-E701-45A3-ADA5-130B8AD9DF15\"}]}]}],\"references\":[{\"url\":\"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\",\"source\":\"psirt@sick.de\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://sick.com/psirt\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\",\"source\":\"psirt@sick.de\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://www.first.org/cvss/calculator/3.1\",\"source\":\"psirt@sick.de\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-49193\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-12T14:33:45.757872Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-12T14:33:47.471Z\"}}], \"cna\": {\"title\": \"Missing HTTP Security Headers\", \"source\": {\"advisory\": \"sca-2025-0007\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SICK AG\", \"product\": \"Field Analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"all versions\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"SICK AG\", \"product\": \"Media Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.5\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"SICK AG\", \"product\": \"Baggage Analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.6.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"SICK AG\", \"product\": \"Tire Analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.6.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"SICK AG\", \"product\": \"Package Analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.6.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"SICK AG\", \"product\": \"Logistic Diagnostic Analytics\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"4.6.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Media Server: Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ccode\u003eMedia Server: Users are strongly recommended to upgrade to the latest release of Media Server (\u0026gt;= 1.5).\u003c/code\u003e\", \"base64\": false}]}, {\"lang\": \"en\", \"value\": \"For Logistic Analytics Products: It is strongly recommended to update the product to version 4.6.3.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"For Logistic Analytics Products: It is strongly recommended to update the product to version 4.6.3.\u0026nbsp;\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://sick.com/psirt\", \"tags\": [\"x_SICK PSIRT Website\"]}, {\"url\": \"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF\", \"tags\": [\"x_SICK Operating Guidelines\"]}, {\"url\": \"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices\", \"tags\": [\"x_ICS-CERT recommended practices on Industrial Security\"]}, {\"url\": \"https://www.first.org/cvss/calculator/3.1\", \"tags\": [\"x_CVSS v3.1 Calculator\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json\", \"tags\": [\"vendor-advisory\", \"x_csaf\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Field Analytics: Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\\\\\"SICK Operating Guidelines\\\\\\\" and \\\\\\\"ICS-CERT recommended practices on Industrial Security\\\\\\\" could help to implement the general security practices.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ccode\u003eField Analytics: Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\\\\\"SICK Operating Guidelines\\\\\\\" and \\\\\\\"ICS-CERT recommended practices on Industrial Security\\\\\\\" could help to implement the general security practices.\u003c/code\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003ccode\u003eThe application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).\u003c/code\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-693\", \"description\": \"CWE-693 Protection Mechanism Failure\"}]}], \"providerMetadata\": {\"orgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"shortName\": \"SICK AG\", \"dateUpdated\": \"2026-05-13T12:01:55.151Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-49193\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-13T12:01:55.151Z\", \"dateReserved\": \"2025-06-03T05:58:15.616Z\", \"assignerOrgId\": \"a6863dd2-93fc-443d-bef1-79f0b5020988\", \"datePublished\": \"2025-06-12T14:15:07.492Z\", \"assignerShortName\": \"SICK AG\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-49193
Vulnerability from fkie_nvd - Published: 2025-06-12 15:15 - Updated: 2026-01-26 19:30
Severity
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sick | baggage_analytics | * | |
| sick | field_analytics | * | |
| sick | logistic_diagnostic_analytics | * | |
| sick | media_server | * | |
| sick | package_analytics | * | |
| sick | tire_analytics | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E62416BA-1BF1-43BD-98B2-57BD34128419",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:field_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62EE84A7-E93D-411E-A6FC-4BEE5F4CD16D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "27031959-2981-4755-9E3D-02CD083F2B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "818583F6-0347-4D38-863F-5D1C391C427E",
"versionEndExcluding": "1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5955214B-0D71-449A-BFD4-8804FDF91CA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86C0BA69-E701-45A3-ADA5-130B8AD9DF15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks)."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n no implementa varios encabezados de seguridad. Estos encabezados ayudan a aumentar el nivel general de seguridad de la aplicaci\u00f3n web, por ejemplo, impidiendo que la aplicaci\u00f3n se muestre en un iFrame (ataques de clickjacking) o que se ejecute c\u00f3digo JavaScript malicioso inyectado (ataques XSS)."
}
],
"id": "CVE-2025-49193",
"lastModified": "2026-01-26T19:30:49.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "psirt@sick.de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-12T15:15:39.433",
"references": [
{
"source": "psirt@sick.de",
"tags": [
"Broken Link"
],
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://sick.com/psirt"
},
{
"source": "psirt@sick.de",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"source": "psirt@sick.de",
"tags": [
"Not Applicable"
],
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"source": "psirt@sick.de",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"sourceIdentifier": "psirt@sick.de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "psirt@sick.de",
"type": "Secondary"
}
]
}
GHSA-P883-QGGF-J55H
Vulnerability from github – Published: 2025-06-12 15:31 – Updated: 2025-06-12 15:31
VLAI
Details
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
Severity
4.2 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-49193"
],
"database_specific": {
"cwe_ids": [
"CWE-693"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-12T15:15:39Z",
"severity": "MODERATE"
},
"details": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).",
"id": "GHSA-p883-qggf-j55h",
"modified": "2025-06-12T15:31:23Z",
"published": "2025-06-12T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49193"
},
{
"type": "WEB",
"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"type": "WEB",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
},
{
"type": "WEB",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
SCA-2025-0007
Vulnerability from csaf_sick - Published: 2025-06-12 13:00 - Updated: 2025-06-12 13:00Summary
Multiple vulnerabilities in SICK Field Analytics and SICK Media Server
Notes
summary: SICK has found multiple vulnerabilities in the products SICK Field Analytics and SICK Media Server. The vulnerabilities could potentially affect the confidentiality, integrity an availability of the products. Therefore it is strongly recommended to apply general security practices when operating the products. Currently SICK is not aware of any public exploits.
General Security Measures: As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification: SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
8.6 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Mitigation
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
5.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
4.8 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
4.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
4.2 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server <= 1.4
SICK AG / Media Server
|
<= 1.4 |
Vendor Fix
|
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server 1.5
SICK AG / Media Server
|
1.5 |
CWE-330
- Use of Insufficiently Random Values
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Media Server all versions
SICK AG / Media Server
|
vers:all/* |
Workaround
|
8.8 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Field Analytics all versions
SICK AG / Field Analytics
|
1613101
|
vers:all/* |
Workaround
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK has found multiple vulnerabilities in the products SICK Field Analytics and SICK Media Server. The vulnerabilities could potentially affect the confidentiality, integrity an availability of the products. Therefore it is strongly recommended to apply general security practices when operating the products. Currently SICK is not aware of any public exploits.",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"
}
],
"title": "Multiple vulnerabilities in SICK Field Analytics and SICK Media Server",
"tracking": {
"current_release_date": "2025-06-12T13:00:00.000Z",
"generator": {
"date": "2025-06-12T12:05:52.309Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.27"
}
},
"id": "SCA-2025-0007",
"initial_release_date": "2025-06-12T13:00:00.000Z",
"revision_history": [
{
"date": "2025-06-12T13:00:00.000Z",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-30T07:30:49.000Z",
"number": "2",
"summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Field Analytics all versions",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"skus": [
"1613101"
]
}
}
}
],
"category": "product_name",
"name": "Field Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Media Server all versions",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version_range",
"name": "\u003c= 1.4",
"product": {
"name": "SICK Media Server \u003c= 1.4",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version",
"name": "1.5",
"product": {
"name": "SICK Media Server 1.5",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Media Server"
}
],
"category": "vendor",
"name": "SICK AG"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-49181",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files\u0027 root path as well as the TCP ports the service is running on, leading to a Denial of Service attack.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "mitigation",
"details": "It is possible to enable the authorization of the API endpoint via licence. Please contact your support to get a licence with API authorization enabled.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 8.6,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.6,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Web Content - Configurations endpoint does not require authorization"
},
{
"cve": "CVE-2025-49182",
"cwe": {
"id": "CWE-540",
"name": "Inclusion of Sensitive Information in Source Code"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0003"
],
"recommended": [
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5). It is also advised to change the default passwords.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Web Content - Credential disclosure"
},
{
"cve": "CVE-2025-49183",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Web Content - Unencrypted communication (HTTP)"
},
{
"cve": "CVE-2025-49184",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Information disclosure to unauthorized user"
},
{
"cve": "CVE-2025-49185",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Stored Cross-Site-Script"
},
{
"cve": "CVE-2025-49186",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "It is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make also sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
],
"title": "Web Content - No brute-force protection"
},
{
"cve": "CVE-2025-49187",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "It is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - User enumeration"
},
{
"cve": "CVE-2025-49188",
"cwe": {
"id": "CWE-598",
"name": "Use of GET Request Method With Sensitive Query Strings"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Sensitive Data in URL"
},
{
"cve": "CVE-2025-49189",
"cwe": {
"id": "CWE-1004",
"name": "Sensitive Cookie Without \u0027HttpOnly\u0027 Flag"
},
"notes": [
{
"category": "summary",
"text": "The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5).",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Web Content - Cookie missing HttpOnly flag"
},
{
"cve": "CVE-2025-49190",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Server-Side Request Forgery"
},
{
"cve": "CVE-2025-49191",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.8,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 4.8,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Web Content - Dashboards and iFrames can link malicious web content"
},
{
"cve": "CVE-2025-49192",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5).",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0003"
]
}
],
"title": "Web Content - Clickjacking"
},
{
"cve": "CVE-2025-49193",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0003"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Users are strongly recommended to upgrade to the latest release of Media Server (\u003e= 1.5).",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.2,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0003"
]
}
],
"title": "Web Content - Missing HTTP Security Headers"
},
{
"cve": "CVE-2025-49194",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credentials would be exposed.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "FTP Server - Unencrypted communication"
},
{
"cve": "CVE-2025-49195",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The FTP server\u2019s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "It is highly recommended to use a strong password with a length of at least eight characters and a combination of letters, numbers, capital letters and symbols. Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "FTP Server - No protection against brute-force attacks"
},
{
"cve": "CVE-2025-49196",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": " Cryptography - Deprecated TLS version supported"
},
{
"cve": "CVE-2025-49197",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004"
],
"known_affected": [
"CSAFPID-0003"
],
"recommended": [
"CSAFPID-0004"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to upgrade to the latest version.",
"product_ids": [
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003"
]
}
],
"title": "Cryptography - Weak password hash"
},
{
"cve": "CVE-2025-49198",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The Media Server\u2019s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0002"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0002"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 3.1,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.1,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002"
]
}
],
"title": "Cryptography - Poor quality of randomness in authorization tokens"
},
{
"cve": "CVE-2025-49199",
"cwe": {
"id": "CWE-345",
"name": "Insufficient Verification of Data Authenticity"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Backup - Backup files can be modified and uploaded"
},
{
"cve": "CVE-2025-49200",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files. ",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \"SICK Operating Guidelines\" and \"ICS-CERT recommended practices on Industrial Security\" could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Backup - Unencrypted backup contains sensitive information"
}
]
}
SCA-2025-0010
Vulnerability from csaf_sick - Published: 2025-10-02 13:00 - Updated: 2026-05-13 13:00Summary
Multiple vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics Products
Notes
summary: SICK has found multiple vulnerabilities in SICK Enterprise Analytics and the SICK Logistic Analytics products. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the products. Therefore it is strongly recommended to apply general security practices when operating the products. Currently, SICK is not aware of any public exploits.
General Security Measures: As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification: SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
4.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics all versions
SICK AG / Logistic Analytics / Baggage Analytics
|
vers:all/* |
Workaround
|
|
|
SICK Tire Analytics all versions
SICK AG / Logistic Analytics / Tire Analytics
|
vers:all/* |
Workaround
|
|
|
SICK Package Analytics all versions
SICK AG / Logistic Analytics / Package Analytics
|
vers:all/* |
Workaround
|
|
|
SICK Logistic Diagnostic Analytics all versions
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
vers:all/* |
Workaround
|
|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
CWE-200
- Exposure of Sensitive Information to an Unauthorized Actor
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.2
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.2 | ||
|
SICK Tire Analytics 4.6.2
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.2 | ||
|
SICK Package Analytics 4.6.2
SICK AG / Logistic Analytics / Package Analytics
|
4.6.2 | ||
|
SICK Logistic Diagnostic Analytics 4.6.2
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.2 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.2
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.2 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.2
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.2 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.2
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.2 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.2
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.2 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.2
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.2 | ||
|
SICK Tire Analytics 4.6.2
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.2 | ||
|
SICK Package Analytics 4.6.2
SICK AG / Logistic Analytics / Package Analytics
|
4.6.2 | ||
|
SICK Logistic Diagnostic Analytics 4.6.2
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.2 |
6.5 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
4.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
6.5 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Enterprise Analytics all versions
SICK AG / Analytics Solutions / Enterprise Analytics
|
vers:all/* |
Workaround
|
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
4.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics < 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Tire Analytics < 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Package Analytics < 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
< 4.6.3 |
Vendor Fix
|
|
|
SICK Logistic Diagnostic Analytics < 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
< 4.6.3 |
Vendor Fix
|
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SICK Baggage Analytics 4.6.3
SICK AG / Logistic Analytics / Baggage Analytics
|
4.6.3 | ||
|
SICK Tire Analytics 4.6.3
SICK AG / Logistic Analytics / Tire Analytics
|
4.6.3 | ||
|
SICK Package Analytics 4.6.3
SICK AG / Logistic Analytics / Package Analytics
|
4.6.3 | ||
|
SICK Logistic Diagnostic Analytics 4.6.3
SICK AG / Logistic Analytics / Logistic Diagnostic Analytics
|
4.6.3 |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "SICK has found multiple vulnerabilities in SICK Enterprise Analytics and the SICK Logistic Analytics products. The vulnerabilities could potentially affect the confidentiality, integrity and availability of the products. Therefore it is strongly recommended to apply general security practices when operating the products. Currently, SICK is not aware of any public exploits.",
"title": "summary"
},
{
"category": "general",
"text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Security Measures"
},
{
"category": "general",
"text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
"title": "Vulnerability Classification"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@sick.de",
"issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
"name": "SICK PSIRT",
"namespace": "https://www.sick.com/psirt"
},
"references": [
{
"summary": "SICK PSIRT Security Advisories",
"url": "https://sick.com/psirt"
},
{
"summary": "SICK Operating Guidelines",
"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
},
{
"summary": "ICS-CERT recommended practices on Industrial Security",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"summary": "CVSS v3.1 Calculator",
"url": "https://www.first.org/cvss/calculator/3.1"
},
{
"category": "self",
"summary": "The canonical URL.",
"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"
}
],
"title": "Multiple vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics Products",
"tracking": {
"current_release_date": "2026-05-13T13:00:00.000Z",
"generator": {
"date": "2026-05-13T11:19:05.657Z",
"engine": {
"name": "Secvisogram",
"version": "2.6.1"
}
},
"id": "SCA-2025-0010",
"initial_release_date": "2025-10-02T13:00:00.000Z",
"revision_history": [
{
"date": "2025-10-02T13:00:00.000Z",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-13T10:00:00.000Z",
"number": "2",
"summary": "Fixes for the products Baggage Analytics, Package Analytics, Tire Analytics, Logistic Diagnostic Analytics."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Enterprise Analytics all versions",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Enterprise Analytics"
}
],
"category": "product_family",
"name": "Analytics Solutions"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.2",
"product": {
"name": "SICK Baggage Analytics \u003c 4.6.2",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version_range",
"name": "\u003c 4.6.3",
"product": {
"name": "SICK Baggage Analytics \u003c 4.6.3",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version",
"name": "4.6.2",
"product": {
"name": "SICK Baggage Analytics 4.6.2",
"product_id": "CSAFPID-0004"
}
},
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "SICK Baggage Analytics 4.6.3",
"product_id": "CSAFPID-0005"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Baggage Analytics all versions",
"product_id": "CSAFPID-0018"
}
}
],
"category": "product_name",
"name": "Baggage Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.2",
"product": {
"name": "SICK Tire Analytics \u003c 4.6.2",
"product_id": "CSAFPID-0006"
}
},
{
"category": "product_version_range",
"name": "\u003c 4.6.3",
"product": {
"name": "SICK Tire Analytics \u003c 4.6.3",
"product_id": "CSAFPID-0007"
}
},
{
"category": "product_version",
"name": "4.6.2",
"product": {
"name": "SICK Tire Analytics 4.6.2",
"product_id": "CSAFPID-0008"
}
},
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "SICK Tire Analytics 4.6.3",
"product_id": "CSAFPID-0009"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Tire Analytics all versions",
"product_id": "CSAFPID-0019"
}
}
],
"category": "product_name",
"name": "Tire Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.2",
"product": {
"name": "SICK Package Analytics \u003c 4.6.2",
"product_id": "CSAFPID-0010"
}
},
{
"category": "product_version_range",
"name": "\u003c 4.6.3",
"product": {
"name": "SICK Package Analytics \u003c 4.6.3",
"product_id": "CSAFPID-0011"
}
},
{
"category": "product_version",
"name": "4.6.2",
"product": {
"name": "SICK Package Analytics 4.6.2",
"product_id": "CSAFPID-0012"
}
},
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "SICK Package Analytics 4.6.3",
"product_id": "CSAFPID-0013"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Package Analytics all versions",
"product_id": "CSAFPID-0020"
}
}
],
"category": "product_name",
"name": "Package Analytics"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.2",
"product": {
"name": "SICK Logistic Diagnostic Analytics \u003c 4.6.2",
"product_id": "CSAFPID-0014"
}
},
{
"category": "product_version_range",
"name": "\u003c 4.6.3",
"product": {
"name": "SICK Logistic Diagnostic Analytics \u003c 4.6.3",
"product_id": "CSAFPID-0015"
}
},
{
"category": "product_version",
"name": "4.6.2",
"product": {
"name": "SICK Logistic Diagnostic Analytics 4.6.2",
"product_id": "CSAFPID-0016"
}
},
{
"category": "product_version",
"name": "4.6.3",
"product": {
"name": "SICK Logistic Diagnostic Analytics 4.6.3",
"product_id": "CSAFPID-0017"
}
},
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SICK Logistic Diagnostic Analytics all versions",
"product_id": "CSAFPID-0021"
}
}
],
"category": "product_name",
"name": "Logistic Diagnostic Analytics"
}
],
"category": "product_family",
"name": "Logistic Analytics"
}
],
"category": "vendor",
"name": "SICK AG"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9914",
"cwe": {
"id": "CWE-288",
"name": "Authentication Bypass Using an Alternate Path or Channel"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The credentials of the users stored in the system\u0027s local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Authentication with database users is possible"
},
{
"cve": "CVE-2025-9913",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "JavaScript can be run inside the address bar via the dashboard \"Open in new Tab\" button, making the application vulnerable to session hijacking.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 4.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 4.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Cross Site Scripting: Session Hijacking"
},
{
"cve": "CVE-2025-58587",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
]
}
],
"title": "Improper Restriction of Excessive Authentication Attempts"
},
{
"cve": "CVE-2025-49184",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0001"
]
}
],
"title": "Information Disclosure to Unauthorized User"
},
{
"cve": "CVE-2025-58589",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalScore": 2.7,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 2.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Information Disclosure Through Stacktrace - /User/User"
},
{
"cve": "CVE-2025-58590",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "It\u0027s possible to brute force folders and files, which can be used by an attacker to steal sensitive information.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0012",
"CSAFPID-0016"
],
"known_affected": [
"CSAFPID-0002",
"CSAFPID-0006",
"CSAFPID-0010",
"CSAFPID-0014"
],
"recommended": [
"CSAFPID-0004",
"CSAFPID-0008",
"CSAFPID-0012",
"CSAFPID-0016"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update to the latest version (\u003e= 4.6.2).",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0006",
"CSAFPID-0010",
"CSAFPID-0014"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0002",
"CSAFPID-0006",
"CSAFPID-0010",
"CSAFPID-0014"
]
}
],
"title": "Path traversal \u2013 get list of files and folders"
},
{
"cve": "CVE-2025-58591",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Path Traversal \u2013 Read File Content"
},
{
"cve": "CVE-2025-58584",
"cwe": {
"id": "CWE-598",
"name": "Use of GET Request Method With Sensitive Query Strings"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
]
}
],
"title": "Plain Text Transmission of Username and Password in the URL"
},
{
"cve": "CVE-2025-58585",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Sensitive Information Disclosure Through Missing Authentication"
},
{
"cve": "CVE-2025-58586",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
]
}
],
"title": "User Enumeration"
},
{
"cve": "CVE-2025-58579",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
},
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015",
"CSAFPID-0001"
]
}
],
"title": "Username Disclosure Through Missing Authentication"
},
{
"cve": "CVE-2025-58583",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application provides access to a login protected H2 database for caching purposes. The username is prefilled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "H2 \u2013 User Enumeration"
},
{
"cve": "CVE-2025-58581",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Information Disclosure Through Stacktrace-/MQTT/Config/changeAll"
},
{
"cve": "CVE-2025-58580",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Injection via log file"
},
{
"cve": "CVE-2025-58582",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it\u2019s possible to send giant payloads which are then logged.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Uncontrolled Resource Consumption via log file"
},
{
"cve": "CVE-2025-58578",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or restrictions to limit the creation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "workaround",
"details": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 3.8,
"environmentalSeverity": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"temporalScore": 3.8,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001"
]
}
],
"title": "Unlimited user creation by authorized users"
},
{
"cve": "CVE-2025-49186",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "No Brute-Force Protection"
},
{
"cve": "CVE-2025-49193",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
],
"known_affected": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
],
"recommended": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0013",
"CSAFPID-0017"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "It is strongly recommended to update the product to version 4.6.3.",
"product_ids": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.2,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0003",
"CSAFPID-0007",
"CSAFPID-0011",
"CSAFPID-0015"
]
}
],
"title": "Missing HTTP Security Headers"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…