CVE-2025-49185

MEDIUM

SICK Field Analytics - Stored Cross-Site Scripting via Dashboard Widget Transform Function

Title source: llm
STIX 2.1

Description

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.

References (6)

Core 6
Core References
Vendor Advisory x_sick psirt website
https://sick.com/psirt
US Government Resource x_ics-cert recommended practices on industrial security
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
Not Applicable x_cvss v3.1 calculator
https://www.first.org/cvss/calculator/3.1

Scores

CVSS v3 5.5
EPSS 0.0024
EPSS Percentile 15.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
sick/field_analytics
Published Jun 12, 2025
Tracked Since Feb 18, 2026