SICK Enterprise and Logistic Analytics Products Information Disclosure Vulnerability
Vulnerability
A vulnerability exists in SICK Enterprise Analytics and SICK Logistic Analytics products, all versions, allowing unauthorized access to sensitive information. This issue arises from improper authorization of configuration settings, which enables remote attackers to gather internal application data. Additionally, when errors occur, the application reveals full stack traces, including class and method names, which can be exploited to understand the application's structure and technology stack.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure, including sensitive application data and internal error details that could aid in further attacks.
Remediation
Users are advised to ensure that only trusted entities have access to the device. It is also recommended to follow the SICK Operating Guidelines and the ICS-CERT recommended practices for Industrial Security to create a protected IT environment.
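The stack-trace exposure described above can be checked from the defender's side by scanning HTTP responses captured from your own deployment for leaked stack frames. The following is an added example, not code from SICK or from this advisory; the frame patterns, the URLs and the sample responses are assumptions constructed for illustration, since the advisory does not name the product's technology stack.

```python
import re

# Stack-frame signatures for common runtimes. The advisory does not name the
# product's technology stack, so this set is a generic assumption.
FRAME_PATTERNS = {
    "java": re.compile(
        r"^\s*at\s+([\w$.]+)\.([\w$<>]+)"
        r"\((?:[\w$]+\.java:\d+|Native Method|Unknown Source)\)", re.M),
    "dotnet": re.compile(
        r"^\s*at\s+([\w.`]+)\.([\w<>]+)\([^)]*\)\s+in\s+.+:line\s+\d+", re.M),
    "python": re.compile(r'^\s*File "([^"]+)", line \d+, in (\S+)', re.M),
}

def leaked_frames(body):
    """Return (runtime, [(class_or_file, method), ...]) for the first runtime matched."""
    for runtime, pattern in FRAME_PATTERNS.items():
        frames = pattern.findall(body)
        if frames:
            return runtime, frames
    return None, []

def audit(responses):
    """Flag every captured response whose body exposes stack frames."""
    findings = []
    for resp in responses:
        runtime, frames = leaked_frames(resp["body"])
        if frames:
            findings.append({
                "url": resp["url"], "status": resp["status"], "runtime": runtime,
                "classes": sorted({cls for cls, _ in frames}),
                "frame_count": len(frames),
            })
    return findings

# Constructed sample data: not real output from any SICK product.
SAMPLE_RESPONSES = [
    {"url": "/api/example?id=abc", "status": 500, "body":
     "java.lang.NumberFormatException: For input string: \"abc\"\n"
     "\tat java.lang.Integer.parseInt(Integer.java:580)\n"
     "\tat com.example.app.SettingsController.load(SettingsController.java:88)\n"},
    {"url": "/api/example?id=abc", "status": 500, "body":
     '{"error": "Internal error", "incident": "constructed-0001"}'},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSES):
        print(finding)
```

Only the first sample is flagged; the second shows the shape an error response should have, a generic message plus a reference that maps to the full trace in server-side logs.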
