All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.
References
| Link | Resource |
|---|---|
| https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF | Broken Link |
| https://sick.com/psirt | Vendor Advisory |
| https://www.cisa.gov/resources-tools/resources/ics-recommended-practices | US Government Resource |
| https://www.first.org/cvss/calculator/3.1 | Not Applicable |
| https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json | Vendor Advisory |
| https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf | Vendor Advisory |
History
29 Jan 2026, 17:59
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | | |
| CPE | cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:* | |
| First Time | Sick media Server, Sick | |
| References | () https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF - Broken Link | |
| References | () https://sick.com/psirt - Vendor Advisory | |
| References | () https://www.cisa.gov/resources-tools/resources/ics-recommended-practices - US Government Resource | |
| References | () https://www.first.org/cvss/calculator/3.1 - Not Applicable | |
| References | () https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json - Vendor Advisory | |
| References | () https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf - Vendor Advisory | |
12 Jun 2025, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2025-06-12 14:15
Updated : 2026-01-29 17:59
NVD link : CVE-2025-49183
Mitre link : CVE-2025-49183
CVE.ORG link : CVE-2025-49183
Products Affected
sick
- media_server
CWE
CWE-319
Cleartext Transmission of Sensitive Information
