SICK AG products and services are subject to the highest quality requirements. That is why cyber security is taken into account and tested in the development phase. To ensure that products and services are secure throughout their entire service life, reports on possible vulnerabilities are taken very seriously and handled with the greatest sense of responsibility. Uncovering vulnerabilities is understood as a common goal of different parties with the aim of offering our customers a consistently high level of security.

Instead, please report them to the SICK Product Security Incident Response Team psirt@sick.de. Reports can be sent in German or English. For more details visit: https://www.sick.com.

• Access control or authorization

• The product cannot handle and protect data protection relevant data in a data protection compliant manner.
• The product is not designed to collect, save or process personal data. The operating entity must ensure that the product is not used for collecting, saving or processing personal data.

• The product is not intended for use in safety-related applications. It may not have adequate cybersecurity functionality. If the product is used within a safety-related system, the system integrator is fully responsible for performing a complete security assessment and ensuring compliance with all applicable security standards.

• The product is not intended for use in easily accessible areas. The operating entity must protect the product from physical access. This applies also to access by persons who are authorized to be in the working area of the product.
• The operating entity must prevent access by unauthorized persons to the area where the product is operated.
• The operating entity must use suitable measures to protect the operating environment and the network to ensure a trustworthy communication between the product and other systems and devices.
• The operating entity must protect the transmission media (e.g. data lines) against access by unauthorized persons.
• The operating entity must ensure that all systems and devices in the wireless network in which the product is accessible are trustworthy. It must use suitable measures to protect the wireless network.

• The operating entity must configure the access data and access rights using the principle of least privilege.