CVE-2025-49192

MEDIUM

Web Application - CSRF

Title source: llm

Description

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of their computer while clicking on seemingly innocuous objects.

References (6)

[Vendor Advisory] https://sick.com/psirt

[Broken Link] https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

[US Government Resource] https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

[Not Applicable] https://www.first.org/cvss/calculator/3.1

[Vendor Advisory] https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf

[Vendor Advisory] https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.json

Scores

CVSS v3 4.3

EPSS 0.0023

EPSS Percentile 45.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1021

Status published

Products (2)

sick/field_analytics

sick/media_server < 1.5

Published Jun 12, 2025

Tracked Since Feb 18, 2026