In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs, browser histories or proxy servers. As a result, there is a high risk that this sensitive data will be disclosed unintentionally.
Weakness
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Baggage_analytics | Sick | * | * |
| Enterprise_analytics | Sick | * | * |
| Logistic_diagnostic_analytics | Sick | * | * |
| Package_analytics | Sick | * | * |
| Tire_analytics | Sick | * | * |
Potential Mitigations
References
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf