Security Header Vulnerability in SICK's Web Application
CVE-2025-49193

4.2MEDIUM

Key Information:

Vendor

Sick Ag

Status
Field Analytics
Media Server
Baggage Analytics
Tire Analytics
Vendor
CVE Published:
12 June 2025

What is CVE-2025-49193?

The SICK web application exhibits vulnerabilities due to the absence of critical security headers. This oversight compromises the application's resilience against various attacks, including Clickjacking and Cross-Site Scripting (XSS). By failing to implement protective headers, such as those that prevent content rendering in an iframe or block the execution of unauthorized JavaScript, the application remains susceptible to exploitation. It is imperative for users to adhere to security best practices and implement the necessary configurations to safeguard against potential threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Baggage Analytics all version

Field Analytics all versions

Logistic Diagnostic Analytics all versions

References

https://sick.com/psirt
x_SICK PSIRT Website
https://cdn.sick.com/media/docs/1/11/411/Special_informat...
x_SICK Operating Guidelines
https://www.cisa.gov/resources-tools/resources/ics-recomm...
x_ICS-CERT recommended practices on Industrial Security

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.