Security Header Vulnerability in SICK's Web Application
CVE-2025-49193

4.2 MEDIUM

Key Information:

Vendor: Sick Ag
CVE Published: 12 June 2025

What is CVE-2025-49193?

The SICK web application exhibits vulnerabilities due to the absence of critical security headers. This oversight compromises the application's resilience against various attacks, including Clickjacking and Cross-Site Scripting (XSS). By failing to implement protective headers, such as those that prevent content rendering in an iframe or block the execution of unauthorized JavaScript, the application remains susceptible to exploitation. It is imperative for users to adhere to security best practices and implement the necessary configurations to safeguard against potential threats.

Affected Version(s)

SICK Field Analytics all versions

SICK Media Server 0 < 1.5

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
