CVE-2025-49183

{"id": "CVE-2025-49183", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@sick.de", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-06-12T14:15:30.580", "references": [{"url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF", "tags": ["Broken Link"], "source": "psirt@sick.de"}, {"url": "https://sick.com/psirt", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["US Government Resource"], "source": "psirt@sick.de"}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["Not Applicable"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@sick.de", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files."}, {"lang": "es", "value": "Toda la comunicaci\u00f3n con la API REST no est\u00e1 cifrada (HTTP), lo que permite a un atacante interceptar el tr\u00e1fico entre un actor y el servidor web. Esto permite la recopilaci\u00f3n de informaci\u00f3n y la descarga de archivos multimedia."}], "lastModified": "2026-01-29T17:59:18.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A30940D7-F22D-415A-94A3-493D531514BB"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@sick.de"}