{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-49196","assignerOrgId":"a6863dd2-93fc-443d-bef1-79f0b5020988","state":"PUBLISHED","assignerShortName":"SICK AG","dateReserved":"2025-06-03T05:58:15.616Z","datePublished":"2025-06-12T14:20:53.321Z","dateUpdated":"2025-06-17T19:03:56.791Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","product":"SICK Field Analytics","vendor":"SICK AG","versions":[{"status":"affected","version":"all versions","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<code>A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device.</code>"}],"value":"A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities of other users or devices, affecting the confidentiality and integrity of the device."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-327","description":"CWE-327 Use of a Broken or Risky Cryptographic Algorithm","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"a6863dd2-93fc-443d-bef1-79f0b5020988","shortName":"SICK AG","dateUpdated":"2025-06-13T06:17:26.069Z"},"references":[{"tags":["x_SICK PSIRT Website"],"url":"https://sick.com/psirt"},{"tags":["x_SICK Operating Guidelines"],"url":"https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF"},{"tags":["x_ICS-CERT recommended practices on Industrial Security"],"url":"https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"},{"tags":["x_CVSS v3.1 Calculator"],"url":"https://www.first.org/cvss/calculator/3.1"},{"tags":["vendor-advisory"],"url":"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf"},{"tags":["vendor-advisory","x_csaf"],"url":"https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json"}],"source":{"advisory":"sca-2025-0007","discovery":"INTERNAL"},"title":"Deprecated TLS version supported","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<code>Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices.</code>"}],"value":"Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \\\"SICK Operating Guidelines\\\" and \\\"ICS-CERT recommended practices on Industrial Security\\\" could help to implement the general security practices."}],"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-12T14:38:45.930361Z","id":"CVE-2025-49196","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-17T19:03:56.791Z"}}]}}