CVE-2025-49183
Unencrypted communication (HTTP)
All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
SICK AG · SICK Media ServerQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf