SICK Field Analytics and Media Server Missing Authorization Vulnerability Allowing Information Disclosure and Denial-of-Service

Vulnerability

A vulnerability exists in SICK Field Analytics and SICK Media Server due to missing authorization on an API endpoint. This flaw allows unauthorized users to send HTTP GET requests to access sensitive information. Additionally, attackers can use HTTP POST requests to alter the log files' root path and the TCP ports the service operates on, potentially causing a denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information and manipulation of log file paths and TCP ports, causing a denial-of-service condition.

Remediation

Users can enable authorization for the API endpoint by obtaining a license. For SICK Media Server versions through 1.4, upgrading to version 1.5 or later is recommended.

Added: Jun 12, 2025, 3:03 PM
Updated: Jun 12, 2025, 5:12 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.