SICK Field Analytics and Media Server Credentials Transmission Vulnerability

Vulnerability

A vulnerability exists in SICK Field Analytics and SICK Media Server versions through 1.4, where user credentials are sent as URL parameters instead of in the POST body. This flaw exposes sensitive information to unauthorized actors and could be exploited to modify application log file settings, potentially leading to a denial-of-service condition.

Impact

This vulnerability allows for the interception of user credentials, which could be exploited to gain unauthorized access to the application. Additionally, it could be used to disrupt application functionality by causing logged services to fail.

Remediation

Users of SICK Media Server are advised to upgrade to version 1.5 or later. For SICK Field Analytics, ensure that only trusted entities have access to the device and apply general security measures to operate the product in a protected IT environment.
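Credentials sent as URL parameters are recorded wherever request URLs are logged, so one check for a protected environment is to scan proxy or web server access logs for credential-bearing query strings and mask the values before the logs are shared. This is an added example, not code from SICK or from this advisory; the parameter names, paths and log lines are constructed assumptions, since the advisory does not name the affected endpoint or parameters.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names: the advisory does not name the real ones.
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def redact_target(target):
    """Return (target with sensitive values masked, sorted names found)."""
    parts = urlsplit(target)
    found, pairs = set(), []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE:
            found.add(key.lower())
            value = "REDACTED"
        pairs.append((key, value))
    if not found:
        return target, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)


def scan(lines):
    """Return (line_no, method, names, redacted_line) for each exposing line."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        redacted, names = redact_target(match.group("target"))
        if names:
            safe = line[:match.start("target")] + redacted + line[match.end("target"):]
            findings.append((line_no, match.group("method"), names, safe))
    return findings


# Constructed sample log lines; hosts, paths and values are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jun/2025:14:57:01 +0000] "POST /login?user=operator&password=Winter2025%21 HTTP/1.1" 200 512',
    '192.0.2.10 - - [12/Jun/2025:14:57:05 +0000] "GET /status?verbose=1 HTTP/1.1" 200 128',
    '192.0.2.11 - - [12/Jun/2025:14:58:10 +0000] "POST /login HTTP/1.1" 200 512',
    '192.0.2.12 - - [12/Jun/2025:14:59:30 +0000] "GET /api/log?level=debug&Token=abc123 HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for line_no, method, names, safe in scan(SAMPLE_LOG):
        print(f"line {line_no}: {method} exposes {names}: {safe}")
```

Any credential that appears in a finding should be treated as exposed and rotated, since the log copy persists after the product is upgraded.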

Added: Jun 12, 2025, 2:57 PM
Updated: Jun 12, 2025, 2:57 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.