13 matches found
CVE-2025-49186
CVE-2025-49186 describes insufficient measures to prevent multiple failed authentication attempts, enabling brute-force attempts. Connected sources tie this to vulnerabilities in SICK Enterprise Analytics and SICK Logistic Analytics products (PSIRT), noting potential impacts to confidentiality an...
CVE-2025-49184
CVE-2025-49184 describes an information-disclosure issue caused by missing authorization for configuration settings, enabling a remote attacker to gather sensitive application data. Connected sources reference SICK Field Analytics and SICK Media Server as affected products and reiterate the unaut...
CVE-2025-49193
Technical details (affected product/versions/root cause/fix) are not publicly provided in the supplied documents; monitor for updates.
CVE-2025-58587
The CVE-2025-58587 entry describes improper restriction of excessive authentication attempts, enabling credential guessing due to insufficient protection against brute‑force login attempts. Connected documents corroborate a theme of brute‑force/authentication‑hint vulnerabilities in SICK products...
CVE-2025-58590
CVE-2025-58590 is described across multiple sources as a path traversal/brute-force vulnerability in SICK analytics products (notably SICK Enterprise Analytics and SICK Logistic Analytics) that could lead to disclosure of sensitive information. The connected documents confirm the vulnerability pa...
CVE-2025-58591
CVE-2025-58591 describes a path traversal vulnerability affecting SICK Enterprise Analytics and SICK Logistic Analytics products, allowing a remote attacker to brute-force folders and files to read sensitive data (e.g., private keys/configs). Connected sources indicate affected SICK software, but...
CVE-2025-9913
CVE-2025-9913 describes a cross-site scripting issue where JavaScript can be executed from the address bar via the dashboard’s “Open in new Tab” button, enabling session hijacking. Affected product family includes SICK Enterprise Analytics and related SICK analytics dashboards (e.g., SICK Baggage...
CVE-2025-9914
CVE-2025-9914 involves credentials stored in the system’s local database that can be used for login, potentially granting unauthorized access and affecting confidentiality. Connected documents identify SICK products (e.g., SICK AG Baggage Analytics) as affected, with the root cause described as l...
CVE-2025-58584
CVE-2025-58584 pertains to credentials transmitted in the URL as parameters in HTTP requests, which can be logged or cached by servers, browsers, or proxies. Connected docs associate this with SICK Enterprise Analytics and SICK Logistic Analytics products and indicate a risk of disclosure of user...
CVE-2025-58585
CVE-2025-58585 concerns multiple endpoints in SICK analytics products that expose sensitive information without authentication, enabling information gathering. Public documentation references include: (1) SICK Enterprise Analytics / SICK Logistic Analytics and related products (connected CVE entr...
CVE-2025-58586
CVE-2025-58586 affects SICK Enterprise Analytics and SICK Logistic Analytics products. The vulnerability stems from distinct error messages for login failures (incorrect password vs. non-existent username), enabling attacker-driven username enumeration. Reported impact: information disclosure (us...
CVE-2025-58579
The CVE-2025-58579 entry describes an authentication bypass where an unauthenticated user can request data from a specific endpoint, enabling user enumeration. Connected sources confirm the vulnerability relates to SICK Enterprise Analytics and SICK Logistic Analytics products (SICK PSIRT advisor...
CVE-2025-58589
CVE-2025-58589 describes an information-disclosure vulnerability where errors reveal full stack traces to users, exposing internal class/method names and application structure. Connected sources confirm affected SICK products: SICK Enterprise Analytics and SICK Logistic Analytics (for example, SI...