CVE-2020-2078

Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-29 14:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-2078

Mitre link : CVE-2020-2078

CVE.ORG link : CVE-2020-2078

JSON object : View

Products Affected

sick

package_analytics

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2020-2078", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-07-29T14:15:12.973", "references": [{"url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", "tags": ["Vendor Advisory"], "source": "psirt@sick.de"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information."}, {"lang": "es", "value": "Las contrase\u00f1as son almacenadas en texto plano dentro de la configuraci\u00f3n del software SICK Package Analytics versiones hasta V04.1.1 incluy\u00e9ndola. Un atacante autorizado podr\u00eda acceder a estas credenciales de texto plano almacenadas y conseguir acceso al servicio ftp. El almacenamiento de una contrase\u00f1a en texto plano permite a atacantes acceder f\u00e1cilmente a los sistemas, comprometiendo potencialmente la informaci\u00f3n personal u otra informaci\u00f3n confidencial"}], "lastModified": "2020-08-03T17:11:55.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CC14C2E-8394-470C-A77F-DF21C154880D", "versionEndIncluding": "04.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@sick.de"}