Clickjacking Vulnerability in SICK Web Applications
CVE-2025-49192

4.3MEDIUM

Key Information:

Vendor: Sick Ag
Status: Sick Field Analytics; Sick Media Server
Vendor: CVE Published:; 12 June 2025

What is CVE-2025-49192?

This vulnerability enables attackers to execute clickjacking attacks on SICK web applications. By embedding the vulnerable site within a malicious frame, users are misled into clicking on claims that differ from their intentions, potentially exposing confidential data or compromising their control over their own computing devices. Users remain at risk of revealing sensitive information or executing undesirable actions due to the deceptive nature of the interface.

Affected Version(s)

SICK Field Analytics all versions

SICK Media Server 0 < 1.5

References

https://sick.com/psirt

x_SICK PSIRT Website

https://cdn.sick.com/media/docs/1/11/411/Special_informat...

x_SICK Operating Guidelines

https://www.cisa.gov/resources-tools/resources/ics-recomm...

x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2025
Vulnerability Reserved
Jun 3, 2025

Sick Ag

What is CVE-2025-49192?

Affected Version(s)

References

CVSS V3.1

Timeline