SCA-2024-0001 (Last Update: 2024-01-29): Vulnerability in SICK Logistics Analytics Products and SICK Field Analytics

SICK Security Advisory

A critical vulnerability in Apache ActiveMQ affects the SICK products Field Analytics 1.2 and Logistics Analytics products 4.5. The Java OpenWire protocol marshaller that is used in ActiveMQ Classic and ActiveMQ Artemis is vulnerable to remote code execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Therefore, it is strongly recommended to upgrade both Logistics Analytics products 4.5 and Field Analytics 1.2 to the latest release. Prior versions of Logistics Analytics products are not affected.
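The class of flaw described above, shown as an added example that is not code from SICK or Apache ActiveMQ: a decoder that instantiates whatever class name the peer sends, next to a hardened form that checks the type before constructing anything. The frame layout (class name, then message string), the names `TypedFrameDemo`, `unsafeDecode`, `safeDecode` and `frame`, and the assumption that the field should only ever carry exception types are all hypothetical simplifications, not the real OpenWire wire format.

```java
import java.io.*;

// Added illustration; hypothetical frame layout and names, not ActiveMQ or SICK code.
public class TypedFrameDemo {

    // Unsafe pattern: the peer chooses the class, so any class on the
    // classpath with a (String) constructor gets instantiated.
    static Object unsafeDecode(DataInputStream in) throws Exception {
        String className = in.readUTF();
        String message = in.readUTF();
        return Class.forName(className).getConstructor(String.class).newInstance(message);
    }

    // Hardened pattern: load without running static initializers, require a
    // Throwable subtype (assumed to be the only legitimate content), then construct.
    static Throwable safeDecode(DataInputStream in) throws Exception {
        String className = in.readUTF();
        String message = in.readUTF();
        Class<?> clazz = Class.forName(className, false, TypedFrameDemo.class.getClassLoader());
        if (!Throwable.class.isAssignableFrom(clazz)) {
            throw new InvalidClassException(className, "not a Throwable, refusing to instantiate");
        }
        return (Throwable) clazz.getConstructor(String.class).newInstance(message);
    }

    // Builds a constructed sample frame: class name followed by a message string.
    static DataInputStream frame(String className, String message) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeUTF(className);
        out.writeUTF(message);
        return new DataInputStream(new ByteArrayInputStream(buf.toByteArray()));
    }

    public static void main(String[] args) throws Exception {
        // A legitimate error frame is still decoded.
        System.out.println(safeDecode(frame("java.io.IOException", "broker unavailable")));
        // A non-exception type (a harmless one here) is rejected before construction.
        try {
            safeDecode(frame("java.lang.StringBuilder", "x"));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // The unsafe decoder constructs whatever type the peer names.
        System.out.println(unsafeDecode(frame("java.lang.StringBuilder", "x")).getClass());
    }
}
```

A type check like this narrows what a peer can make the receiver construct; it does not replace the upgrade the advisory recommends.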