Description
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to create new dashboards or iFrame widgets.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- high
- User Action
- required
- Scope
- changed
- Confidentiality
- low
- Integrity
- low
- Availability
- none
- Weaknesses
- CWE-1021
Metadata
- Primary Vendor
- SICK
- Published
- 6/12/2025
- Last Modified
- 1/29/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
sick : field_analytics
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.