CVE-2020-2078

EPSS 0.22%
Veröffentlicht 29.07.2020 14:15:12
Zuletzt bearbeitet 21.11.2024 05:24:34
Quelle psirt@sick.de
CVE-Watchlists
Login
Unerledigt
Login

Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sick ≫ Package Analytics Version <= 04.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.411

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-2078

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-2078

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-2078

EUVD