exploitDog

CVE-2025-49183

Опубликовано: 12 июн. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.

Ссылки

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
Broken Link
https://sick.com/psirt
Vendor Advisory
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
US Government Resource
https://www.first.org/cvss/calculator/3.1
Not Applicable
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json
Vendor Advisory
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sick:media_server:*:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00046

Низкий

7.5 High

CVSS3

Дефекты

CWE-319

Связанные уязвимости

GHSA-rpp7-mxqc-mp33

CVSS3: 7.5

github

8 месяцев назад

All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information gathering and downloading media files.

EPSS

Процентиль: 14%

0.00046

Низкий

7.5 High

CVSS3

Дефекты

CWE-319