SICK Field Analytics and Media Server User Enumeration Vulnerability

Vulnerability

A vulnerability exists in SICK Field Analytics and SICK Media Server in all versions prior to 1.5, allowing for username enumeration through inconsistent error messages during login attempts. This discrepancy lets attackers identify valid usernames by distinguishing between failures caused by incorrect passwords and those due to non-existent usernames.
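The flaw class described above, shown next to a uniform-response version, as an added example (not SICK's code and not taken from the advisory). The account store, function names, status codes and message strings are all assumptions made for illustration; `failures_distinguishable` is a regression check a developer can run against a login handler.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed sample account store: username -> (salt, password hash)
_SALT = os.urandom(16)
USERS = {"operator": (_SALT, _hash("correct-horse", _SALT))}
# Dummy record so an unknown username still goes through the same hash step
_DUMMY = (os.urandom(16), os.urandom(32))


def login_inconsistent(username: str, password: str):
    """Flawed pattern: the error text reveals whether the username exists."""
    record = USERS.get(username)
    if record is None:
        return 401, "Unknown user"
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, "Wrong password"
    return 200, "OK"


def login_uniform(username: str, password: str):
    """Hardened pattern: every failed attempt gets the same status and message."""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if not (ok and username in USERS):
        return 401, "Invalid username or password"
    return 200, "OK"


def failures_distinguishable(login) -> bool:
    """Regression check: do the two failure cases produce different responses?"""
    wrong_password = login("operator", "not-the-password")
    unknown_user = login("no-such-user", "not-the-password")
    return wrong_password != unknown_user


if __name__ == "__main__":
    print("inconsistent handler leaks:", failures_distinguishable(login_inconsistent))
    print("uniform handler leaks:", failures_distinguishable(login_uniform))
```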

Impact

Exploitation of this vulnerability allows for user enumeration, where an attacker can identify valid usernames on the system.

Remediation

Users of SICK Media Server are advised to upgrade to version 1.5 or later. For SICK Field Analytics, it is recommended to apply general security practices when operating the product, such as minimizing network exposure and restricting access to trusted entities.

Added: Jun 12, 2025, 2:49 PM
Updated: Jun 12, 2025, 2:49 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.