Lucene search
K
SickField Analytics

12 matches found

CVE
CVE
added 2025/06/12 1:27 p.m.52 views

CVE-2025-49186

CVE-2025-49186 describes insufficient measures to prevent multiple failed authentication attempts, enabling brute-force attempts. Connected sources tie this to vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics products (PSIRT), noting potential impacts to confidentiality an...

6.5CVSS7.3AI score0.0032EPSS
CVE
CVE
added 2025/06/12 2:26 p.m.50 views

CVE-2025-49199

CVE-2025-49199 involves unsigned backup ZIP files used by the application, allowing an attacker to download, modify, and re-upload a backup ZIP. This can disrupt the application by configuring services to prevent operation and redirect internal traffic to attacker-hosted services, potentially exp...

9.8CVSS7AI score0.00287EPSS
CVE
CVE
added 2025/06/12 2:20 p.m.49 views

CVE-2025-49196

CVE-2025-49196 is associated in connected sources with SICK Field Analytics and SICK Media Server, where the vulnerability stems from supporting a deprecated and unsafe TLS version. Impacts are described as affecting confidentiality and integrity; exploitation details are not provided, and public...

9.1CVSS6.9AI score0.00218EPSS
CVE
CVE
added 2025/06/12 2:6 p.m.48 views

CVE-2025-49190

CVE-2025-49190 is associated with a Server-Side Request Forgery (SSRF) in SICK Field Analytics and SICK Media Server. The linked Sick PSIRT entry states multiple vulnerabilities in those products could affect confidentiality, integrity, and availability, with SSRF allowing an endpoint to initiate...

5.8CVSS7.2AI score0.00291EPSS
CVE
CVE
added 2025/06/12 2:27 p.m.48 views

CVE-2025-49200

CVE-2025-49200 describes unencrypted backup files that can lead to disclosure of sensitive information when a backup is downloaded and decompressed. The linked sources reference SICK Field Analytics and SICK Media Server in relation to vulnerable backups, with no explicit product version or compo...

7.5CVSS6.8AI score0.00388EPSS
CVE
CVE
added 2025/06/12 2:12 p.m.47 views

CVE-2025-49192

CVE-2025-49192 is a clickjacking vulnerability affecting SICK Field Analytics and SICK Media Server, where the web UI can be embedded in a frame to mislead users and potentially expose confidential data or enable control gains. The issue is described across multiple sources (SICK PSIRT and relate...

6.1CVSS6.9AI score0.00274EPSS
CVE
CVE
added 2025/06/12 1:29 p.m.45 views

CVE-2025-49187

The CVE-2025-49187 issue is a username-enumeration vulnerability observable during failed logins: the system returns different error messages for incorrect passwords versus non-existing usernames. This behavior allows an attacker to determine which usernames exist in the system. Affected context ...

5.3CVSS7.2AI score0.00344EPSS
CVE
CVE
added 2025/06/12 2:2 p.m.45 views

CVE-2025-49188

CVE-2025-49188 affects SICK Field Analytics and SICK Media Server. The root cause is transmitting user credentials via URL parameters instead of POST bodies, enabling information gathering and potential confidentiality impact. Public exploit details are not provided in the connected documents. Se...

7.5CVSS6.9AI score0.00367EPSS
CVE
CVE
added 2025/06/12 1:24 p.m.44 views

CVE-2025-49184

CVE-2025-49184 describes an information-disclosure issue caused by missing authorization for configuration settings, enabling a remote attacker to gather sensitive application data. Connected sources reference SICK Field Analytics and SICK Media Server as affected products and reiterate the unaut...

7.5CVSS6.8AI score0.00412EPSS
CVE
CVE
added 2025/06/12 1:25 p.m.44 views

CVE-2025-49185

CVE-2025-49185 is a stored cross-site scripting vulnerability affecting SICK Field Analytics and SICK Media Server. The issue arises in dashboard widgets: an attacker who can create new widgets can inject malicious JavaScript into the Transform Function, which executes when the widget processes d...

5.5CVSS7.2AI score0.00245EPSS
CVE
CVE
added 2025/06/12 2:15 p.m.44 views

CVE-2025-49193

Technical details (affected product/versions/root cause/fix) are not publicly provided in the supplied documents; monitor for updates.

6.1CVSS7.3AI score0.00263EPSS
CVE
CVE
added 2025/06/12 2:8 p.m.42 views

CVE-2025-49191

CVE-2025-49191 describes code execution via linked URLs embedded when creating iFrame widgets and dashboards. The vulnerability affects dashboards/iFrame widget creation where attacker-supplied URLs are embedded, enabling code execution when other users load the affected dashboard. Exploitation r...

6.1CVSS7.6AI score0.00287EPSS