Cross-Site Scripting Vulnerability in SICK Web Application
CVE-2025-49185

5.5MEDIUM

Key Information:

Vendor

Sick Ag

Status
Sick Field Analytics
Vendor
CVE Published:
12 June 2025

What is CVE-2025-49185?

The SICK web application is vulnerable to cross-site scripting attacks, enabling attackers who can create new dashboard widgets to inject harmful JavaScript code. This malicious script executes whenever the vulnerable widget processes information from its data source, posing significant risks to data integrity and security.

Affected Version(s)

SICK Field Analytics all versions

References

https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.