← Back to CVEs

CVE-2025-49199

HIGH

8.8

Description

The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the attacker to disrupt the application by configuring the services in a way that they are unable to run, making the application unusable. They can redirect traffic that is meant to be internal to their own hosted services and gathering information.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published6/12/2025

Last Modified1/26/2026

Sourcenvd

Honeypot Sightings0

Affected Products

sick:field_analytics

Weaknesses (CWE)

CWE-345

References

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF(psirt@sick.de)

https://sick.com/psirt(psirt@sick.de)

https://www.cisa.gov/resources-tools/resources/ics-recommended-practices(psirt@sick.de)

https://www.first.org/cvss/calculator/3.1(psirt@sick.de)

https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json(psirt@sick.de)

https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf(psirt@sick.de)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.