Vulnerability Details CVE-2025-49193
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.3%
CVSS Severity
CVSS v3 Score 4.2
References
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf
Products affected by CVE-2025-49193
-
cpe:2.3:a:sick:baggage_analytics:*
-
cpe:2.3:a:sick:field_analytics:*
-
cpe:2.3:a:sick:logistic_diagnostic_analytics:*
-
cpe:2.3:a:sick:media_server:*
-
cpe:2.3:a:sick:package_analytics:04.0.0
-
cpe:2.3:a:sick:package_analytics:04.1.1
-
cpe:2.3:a:sick:tire_analytics:*