← back
CVE-2025-49183

Unencrypted communication (HTTP)

CVSS 7.5 HIGHEPSS 0.3%CWE-319
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
SICK AG · SICK Media Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf