CVE-2025-49193
Missing HTTP Security Headers
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Productos afectados
SICK AG · Baggage AnalyticsSICK AG · Field AnalyticsSICK AG · Logistic Diagnostic AnalyticsSICK AG · Media ServerSICK AG · Package AnalyticsSICK AG · Tire Analytics¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDFhttps://sick.com/psirthttps://www.cisa.gov/resources-tools/resources/ics-recommended-practiceshttps://www.first.org/cvss/calculator/3.1https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.jsonhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0007.pdf