Unencrypted Backup Files in SICK Products
CVE-2025-49200

6.5MEDIUM

Key Information:

Vendor

Sick Ag

Status
Sick Field Analytics
Vendor
CVE Published:
12 June 2025

What is CVE-2025-49200?

The vulnerability arises from the creation of unencrypted backup files in certain SICK products. This flaw allows unauthorized users to potentially access sensitive information stored within these backups by downloading and extracting the files. Organizations utilizing affected SICK products should implement measures to ensure that backups are encrypted and securely managed to prevent data breaches and protect critical information.

Affected Version(s)

SICK Field Analytics all versions

References

https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.