SICK H2 Database Vulnerability Allowing User Enumeration

A vulnerability has been identified in the SICK application that provides access to a login-protected H2 database for caching purposes. The vulnerability arises because the username field is prefilled, potentially allowing for unauthorized access. This issue is present in SICK Enterprise Analytics and SICK Logistic Analytics products, all versions.

Impact

Exploitation of this vulnerability could lead to unauthorized access by allowing an attacker to log in using database credentials, thereby bypassing normal authentication mechanisms.

Reproduction

The vulnerability can be reproduced by accessing the application, where the H2 database login page will appear with the username field prefilled. This prefilled username can be used to log in, taking advantage of the authentication bypass.

Remediation

Users are advised to ensure that only trusted entities have access to the device. Additionally, SICK recommends following general security practices to operate the product in a protected IT environment. Resources such as the 'SICK Operating Guidelines' and 'ICS-CERT recommended practices on Industrial Security' can assist in implementing these security measures.