Vulnerability Details CVE-2025-9913
JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.1%
CVSS Severity
CVSS v3 Score 4.5
References
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
Products affected by CVE-2025-9913
-
cpe:2.3:a:sick:baggage_analytics:*
-
cpe:2.3:a:sick:logistic_diagnostic_analytics:*
-
cpe:2.3:a:sick:package_analytics:04.0.0
-
cpe:2.3:a:sick:package_analytics:04.1.1
-
cpe:2.3:a:sick:tire_analytics:*