12 matches found
CVE-2025-49186
CVE-2025-49186 describes insufficient measures to prevent multiple failed authentication attempts, enabling brute-force attempts. Connected sources tie this to vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics products (PSIRT), noting potential impacts to confidentiality an...
CVE-2025-49199
CVE-2025-49199 involves unsigned backup ZIP files used by the application, allowing an attacker to download, modify, and re-upload a backup ZIP. This can disrupt the application by configuring services to prevent operation and redirect internal traffic to attacker-hosted services, potentially exp...
CVE-2025-49196
CVE-2025-49196 is associated in connected sources with SICK Field Analytics and SICK Media Server, where the vulnerability stems from supporting a deprecated and unsafe TLS version. Impacts are described as affecting confidentiality and integrity; exploitation details are not provided, and public...
CVE-2025-49190
CVE-2025-49190 is associated with a Server-Side Request Forgery (SSRF) in SICK Field Analytics and SICK Media Server. The linked Sick PSIRT entry states multiple vulnerabilities in those products could affect confidentiality, integrity, and availability, with SSRF allowing an endpoint to initiate...
CVE-2025-49200
CVE-2025-49200 describes unencrypted backup files that can lead to disclosure of sensitive information when a backup is downloaded and decompressed. The linked sources reference SICK Field Analytics and SICK Media Server in relation to vulnerable backups, with no explicit product version or compo...
CVE-2025-49192
CVE-2025-49192 is a clickjacking vulnerability affecting SICK Field Analytics and SICK Media Server, where the web UI can be embedded in a frame to mislead users and potentially expose confidential data or enable control gains. The issue is described across multiple sources (SICK PSIRT and relate...
CVE-2025-49187
The CVE-2025-49187 issue is a username-enumeration vulnerability observable during failed logins: the system returns different error messages for incorrect passwords versus non-existing usernames. This behavior allows an attacker to determine which usernames exist in the system. Affected context ...
CVE-2025-49188
CVE-2025-49188 affects SICK Field Analytics and SICK Media Server. The root cause is transmitting user credentials via URL parameters instead of POST bodies, enabling information gathering and potential confidentiality impact. Public exploit details are not provided in the connected documents. Se...
CVE-2025-49184
CVE-2025-49184 describes an information-disclosure issue caused by missing authorization for configuration settings, enabling a remote attacker to gather sensitive application data. Connected sources reference SICK Field Analytics and SICK Media Server as affected products and reiterate the unaut...
CVE-2025-49185
CVE-2025-49185 is a stored cross-site scripting vulnerability affecting SICK Field Analytics and SICK Media Server. The issue arises in dashboard widgets: an attacker who can create new widgets can inject malicious JavaScript into the Transform Function, which executes when the widget processes d...
CVE-2025-49193
Technical details (affected product/versions/root cause/fix) are not publicly provided in the supplied documents; monitor for updates.
CVE-2025-49191
CVE-2025-49191 describes code execution via linked URLs embedded when creating iFrame widgets and dashboards. The vulnerability affects dashboards/iFrame widget creation where attacker-supplied URLs are embedded, enabling code execution when other users load the affected dashboard. Exploitation r...