Sensor manufacturer "Sick" discovered a security vulnerability in support portal

Sick AG, a manufacturer of intelligent sensors and sensor solutions, has discovered a security vulnerability in its support portal. Sick AG cites a misconfiguration of the external service provider that hosts the support portal and the data on it on its server within the EU as the cause. As a result, the access restrictions on an NFS storage system had failed. A spokesperson told heise online.

It is still unclear how many customers are affected. The state data protection officer for Baden-Württemberg, Prof. Tobias Keber, has already been informed.

No signs of a cyberattack

As a result, it was temporarily possible to access customer data in the support portal and Sick data without logging in. It is assumed that, among other things, customers' company email addresses were leaked, which could be used for phishing attacks. There were no signs of a cyberattack. The affected data records are still being analyzed in close cooperation with Sick's IT security team, external experts and forensic scientists. "If products are critically affected, the affected customers will be informed immediately," said a spokesperson.

Sick immediately took measures to block unauthorized data access and blocked the support portal for security reasons. A new support portal will be hosted in a different system environment. According to the manufacturer, it has already begun informing its customers about the incident.

"The incident has no impact on Sick's own system landscape and its associated databases. Our operational processes in production, logistics, development and administration will therefore continue to run without restrictions and our ability to deliver is guaranteed," the spokesperson told heise online.

(mack)