CVE-2025-49189

Medium CVSS: 5.3

The HttpOnlyflag of the session cookie \"@@\" is set to false. Since this flag helps preventing access to cookies via client-side scripts, setting the flag to false can lead to a higher possibility of Cross-Side-Scripting attacks which target the stored cookies.

Vendor

Sick

Product

Media Server

CWE

CWE-1004

Yayın Tarihi

2025-06-12 14:15:31

Güncelleme

2026-02-06 14:29:51

Source Identifier

psirt@sick.de

KEV Date Added

Kategoriler

CWE-1004 Media Server MEDIUM Sick 2025

Referanslar

https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF https://sick.com/psirt https://www.cisa.gov/resources-tools/resources/ics-recommended-practices https://www.first.org/cvss/calculator/3.1 https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf

Benzer Kayıtlar

Medium

CVE-2026-1627

An attacker may exploit the use of outdated and weak MAC algorithms in the device’s SSH service to potentially compromis…

Medium

CVE-2026-1626

An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or ma…

Medium

CVE-2026-22644

Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft throu…

Medium

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attack…

Medium

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end user…

Low

CVE-2026-22920

The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.