SICK Field Analytics and Media Server Backup ZIP Modification Vulnerability

Vulnerability

A vulnerability exists in all versions of SICK Field Analytics and in SICK Media Server through version 1.4: backup ZIP files are not signed by the application, so on restore it has no way to verify that an uploaded backup is the one it produced. An attacker with access to the backup function can download a backup ZIP, modify its contents (for example, the service settings that determine where internal traffic is sent), and upload the modified archive. Restoring such a backup can misconfigure services and render the application unusable, or redirect internal traffic to external, attacker-controlled services, where the transmitted data can be collected.
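The missing integrity check described above, as an added example that is not part of this advisory and not SICK's code: the backup layout (a ZIP holding one constructed config.json with an upload_endpoint setting), the device-held HMAC key, and all function names are assumptions for illustration. The first restore path accepts a tampered archive the way an unsigned backup would; the second computes an HMAC-SHA256 tag over the whole archive when the backup is created and refuses to restore any archive whose tag no longer matches.

```python
import hashlib
import hmac
import io
import json
import zipfile

# Hypothetical device key; a real product would keep it in protected storage,
# never in source. Any change to the archive bytes invalidates the tag.
DEVICE_KEY = b"example-device-key-not-for-production"

# Constructed sample configuration standing in for a real backup's contents.
SAMPLE_CONFIG = {"upload_endpoint": "https://analytics.internal/ingest",
                 "poll_interval_s": 30}


def make_backup(config: dict) -> bytes:
    """Build a backup ZIP in memory containing a single config.json entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("config.json", json.dumps(config, sort_keys=True))
    return buf.getvalue()


def sign_backup(archive: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Detached HMAC-SHA256 tag over the complete archive, returned to the user next to the ZIP."""
    return hmac.new(key, archive, hashlib.sha256).digest()


def verify_backup(archive: bytes, tag: bytes, key: bytes = DEVICE_KEY) -> bool:
    """Constant-time comparison so the check cannot be defeated byte by byte."""
    expected = hmac.new(key, archive, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def restore_unverified(archive: bytes) -> dict:
    """Vulnerable path: extract and apply whatever configuration the ZIP carries."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return json.loads(zf.read("config.json"))


def restore_verified(archive: bytes, tag: bytes) -> dict:
    """Hardened path: refuse to touch the archive unless the tag verifies."""
    if not verify_backup(archive, tag):
        raise ValueError("backup signature mismatch; refusing to restore")
    return restore_unverified(archive)


def tamper(archive: bytes, new_endpoint: str) -> bytes:
    """Attacker step: rewrite the endpoint so the device sends its data to an attacker host."""
    cfg = restore_unverified(archive)
    cfg["upload_endpoint"] = new_endpoint
    return make_backup(cfg)


def demo() -> dict:
    """Run both restore paths against an original and a tampered backup."""
    original = make_backup(SAMPLE_CONFIG)
    tag = sign_backup(original)
    tampered = tamper(original, "https://attacker.example/ingest")
    result = {
        "unverified_restore_accepts_tampered":
            restore_unverified(tampered)["upload_endpoint"] == "https://attacker.example/ingest",
        "original_verifies": verify_backup(original, tag),
        "tampered_verifies": verify_backup(tampered, tag),
    }
    try:
        restore_verified(tampered, tag)
        result["verified_restore_rejects_tampered"] = False
    except ValueError:
        result["verified_restore_rejects_tampered"] = True
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

An HMAC under a device-held key only protects backups restored onto the device that created them; if backups must be portable between devices, the same structure applies with a vendor-held signing key and a public-key signature (for example Ed25519) in place of the HMAC, so that the verifying device holds no secret an attacker could extract and reuse to re-sign a modified archive.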

Impact

Restoring a tampered backup can misconfigure services and make the application unusable. It can also redirect internal traffic to external, attacker-controlled services, where the transmitted data is collected.

Remediation

Users are advised to ensure that only trusted entities have access to the device, in particular to its backup download and upload functions, and to follow general security practices when operating the product. The 'SICK Operating Guidelines' and the 'ICS-CERT recommended practices on Industrial Security' can assist in implementing these measures.

Added: Jun 12, 2025, 3:27 PM
Updated: Jun 12, 2025, 4:10 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.