Vulnerability Description
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sick | Baggage Analytics | All versions |
| Sick | Field Analytics | All versions |
| Sick | Logistic Diagnostic Analytics | All versions |
| Sick | Media Server | < 1.5 |
| Sick | Package Analytics | All versions |
| Sick | Tire Analytics | All versions |
Related Weaknesses (CWE)
References
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SIBroken Link
- https://sick.com/psirtVendor Advisory
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practicesUS Government Resource
- https://www.first.org/cvss/calculator/3.1Not Applicable
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.jsonVendor Advisory
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdfVendor Advisory
FAQ
What is CVE-2025-49193?
CVE-2025-49193 is a vulnerability with a CVSS score of 4.2 (MEDIUM). The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFr...
How severe is CVE-2025-49193?
CVE-2025-49193 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-49193?
Check the references section above for vendor advisories and patch information. Affected products include: Sick Baggage Analytics, Sick Field Analytics, Sick Logistic Diagnostic Analytics, Sick Media Server, Sick Package Analytics.