SICK Enterprise and Logistic Analytics Products Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in SICK Enterprise Analytics and SICK Logistic Analytics products, all versions, allowing unauthorized access to sensitive information. This issue arises from missing authorization on configuration settings, which can be exploited by remote attackers to gather internal application data. Additionally, the vulnerability includes improper error handling that exposes stack traces with detailed information about the application's structure and technology, further aiding potential exploitation.
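The two weakness classes described above (a configuration read with no authorization check, and error responses that echo stack traces) are shown here in generic form beside a corrected handler. This is an added illustration, not code from SICK or from the affected products; every name and value in it (`CONFIG`, `ADMIN_TOKEN`, `read_setting`, the handler functions) is hypothetical.

```python
import hmac
import logging
import traceback
import uuid

log = logging.getLogger("app")

# Constructed sample data; names and values are illustrative only.
CONFIG = {"db_host": "10.0.0.5", "log_level": "DEBUG"}
ADMIN_TOKEN = "example-admin-token"  # placeholder; load from a secret store in practice


def read_setting(name):
    return CONFIG[name]  # raises KeyError (or TypeError) on bad input


def handle_vulnerable(name, token=None):
    """No authorization check; internal errors are echoed to the caller."""
    try:
        return 200, read_setting(name)
    except Exception:
        # Leaks file paths, module names and function names to the client.
        return 500, traceback.format_exc()


def handle_hardened(name, token=None):
    """Authorize first, then answer errors generically with an incident id."""
    supplied = (token or "").encode()
    if not hmac.compare_digest(supplied, ADMIN_TOKEN.encode()):
        return 403, "forbidden"
    try:
        return 200, read_setting(name)
    except KeyError:
        return 404, "unknown setting"
    except Exception:
        incident = uuid.uuid4().hex
        # The full trace is written to the server log only.
        log.exception("config read failed, incident=%s", incident)
        return 500, f"internal error (incident {incident})"
```

The incident id lets an operator match a user report to the server-side trace without the trace ever leaving the host.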

Impact

Exploitation of this vulnerability could lead to unauthorized information disclosure, including sensitive application data and internal stack trace details that could be used to understand the application's structure and technology.

Remediation

Users are advised to ensure that only trusted entities have access to the affected devices. It is also recommended to follow the SICK Operating Guidelines and the ICS-CERT recommended practices for industrial security to mitigate the associated risks.

Added: Oct 6, 2025, 7:26 AM
Updated: Oct 6, 2025, 7:26 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.