SICK Field Analytics and Media Server Missing Authorization Vulnerability Allowing Information Disclosure
Vulnerability
A remote unauthorized attacker can access sensitive application information because a configuration settings endpoint lacks proper authorization. This vulnerability affects all versions of SICK Field Analytics and SICK Media Server versions through 1.4. Exploitation involves sending unencrypted HTTP requests to the vulnerable endpoint, which can lead to unauthorized access to, or modification of, information.
Impact
Successful exploitation allows unauthorized access to sensitive information and, in the case of SICK Media Server, creates the potential to disrupt service by misconfiguring the application.
Remediation
Users of SICK Media Server are advised to upgrade to version 1.5 or later. For SICK Field Analytics, ensure that only trusted entities have access to the device and follow the SICK Operating Guidelines and ICS-CERT recommended practices for Industrial Security.
