CVE-2025-49181
Configurations endpoint does not require authorization
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET
requests to gather sensitive information. An attacker could also send HTTP POST requests to modify
the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service
attack.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Productos afectados
SICK AG · SICK Media Server¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf