SICK Analytics Products Plain Text Transmission of Credentials Vulnerability

Vulnerability

A vulnerability exists in SICK Enterprise Analytics and SICK Logistic Analytics products, where usernames and passwords are transmitted in the URL as parameters. This method of transmission poses a risk of unintentional disclosure of sensitive information, as URLs can be stored in server logs, browser histories, or proxy servers.

Impact

Exploitation of this vulnerability allows for unauthorized access to the application, potentially compromising its confidentiality.

Remediation

Users are advised to ensure that only trusted entities have access to the device. Additionally, SICK recommends following general security practices to operate the product in a secure IT environment. Resources such as the 'SICK Operating Guidelines' and 'ICS-CERT recommended practices on Industrial Security' can assist in implementing these practices.
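Because URLs carrying credentials can end up in server and proxy logs, operators may want to check existing logs for them and redact what is found. The following is an added example, not code from SICK or from this advisory: it scans access-log lines in Common Log Format for credential-bearing query parameters and masks their values. The parameter names, paths and log lines are assumptions constructed for illustration, since the advisory does not name the actual parameters.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed parameter names; the advisory does not name the real ones.
SENSITIVE_PARAMS = {"username", "user", "password", "passwd", "pwd"}

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (redacted_target, sorted names of sensitive parameters found)."""
    parts = urlsplit(target)
    found, pairs = set(), []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_PARAMS:
            found.add(key.lower())
            value = "REDACTED"
        pairs.append((key, value))
    if not found:
        return target, []  # untouched targets keep their original encoding
    return urlunsplit(parts._replace(query=urlencode(pairs))), sorted(found)

def audit_log(lines):
    """Return (redacted_lines, findings); findings are (line_no, [param names])."""
    redacted, findings = [], []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            new_target, hits = redact_target(m.group("target"))
            if hits:
                findings.append((no, hits))
                line = line[:m.start("target")] + new_target + line[m.end("target"):]
        redacted.append(line)
    return redacted, findings

# Constructed sample lines (documentation IP range, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2025:07:39:00 +0000] "GET /login?username=operator&password=S3cret%21 HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Oct/2025:07:40:12 +0000] "GET /dashboard?view=summary HTTP/1.1" 200 2048',
    '192.0.2.10 - - [06/Oct/2025:07:41:30 +0000] "GET /api/report?id=7&PWD=abc HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    out, hits = audit_log(SAMPLE_LOG)
    for no, names in hits:
        print(f"line {no}: credentials in URL ({', '.join(names)})")
    print("\n".join(out))
```

Any credential found this way should be treated as disclosed and changed, since redacting one log does not remove copies held in browser histories or by intermediate proxies.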

Added: Oct 6, 2025, 7:39 AM
Updated: Oct 6, 2025, 7:39 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.