SICK Field Analytics and Media Server Unencrypted API Communication Vulnerability
Vulnerability
A vulnerability exists in all versions of SICK Field Analytics and SICK Media Server: all communication with the REST API is unencrypted, allowing interception of traffic between the user and the web server. This vulnerability could be exploited to gather sensitive information and download media files. The issue arises from the use of unencrypted HTTP for API communications, which leaves data exposed to interception.
Impact
Exploitation of this vulnerability allows for interception of unencrypted data transmitted via the REST API, including sensitive information and media files.
Remediation
Users of SICK Media Server are strongly recommended to upgrade to version 1.5 or later. For SICK Field Analytics, it is advised to apply general security measures when operating the product, such as minimizing network exposure and restricting access to trusted entities.
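Where the API has to stay on HTTP, the "restricting access to trusted entities" measure can be checked against network logs. The script below is an added example, not part of the advisory or of SICK's software; the server address, trusted subnet, log format and request paths are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): the server address, the trusted
# subnet and the whitespace-separated log format are constructed.
SERVER = ipaddress.ip_address("10.20.0.5")
TRUSTED = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample: timestamp src dst port scheme method path
SAMPLE_LOG = """\
2024-01-10T08:00:01Z 10.20.0.17 10.20.0.5 80 http GET /api/items
2024-01-10T08:00:04Z 10.20.0.17 10.20.0.5 443 https GET /api/items
2024-01-10T08:01:12Z 192.0.2.44 10.20.0.5 80 http GET /api/media/1
2024-01-10T08:02:30Z 10.20.0.17 10.20.0.9 80 http GET /index.html
malformed line
"""

def parse(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src, dst, port, scheme, method, path = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "port": int(port),
                "scheme": scheme.lower(), "method": method, "path": path}
    except ValueError:
        return None

def audit(log_text):
    """List cleartext requests to SERVER and whether the source is trusted."""
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["dst"] != SERVER or rec["scheme"] != "http":
            continue
        trusted = any(rec["src"] in net for net in TRUSTED)
        findings.append({"ts": rec["ts"], "src": str(rec["src"]),
                         "path": rec["path"], "trusted_source": trusted})
    return findings

def summary(findings):
    """Count cleartext requests by trusted / untrusted source."""
    return Counter("trusted" if f["trusted_source"] else "untrusted"
                   for f in findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Every finding is a request whose contents were readable on the wire; those with `trusted_source` set to `False` also show that access is not limited to the trusted network.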
