CVE-2020-2076
First published: Wed Jul 29 2020(Updated: )
SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.
Credit: psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SICK Package Analytics | <=04.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-2076?
CVE-2020-2076 is a critical vulnerability due to its ability to bypass authentication controls.
How do I fix CVE-2020-2076?
To fix CVE-2020-2076, upgrade the SICK Package Analytics software to a later version beyond V04.0.0.
What systems are affected by CVE-2020-2076?
CVE-2020-2076 affects all versions of SICK Package Analytics software up to and including version V04.0.0.
What type of attack does CVE-2020-2076 enable?
CVE-2020-2076 enables attackers to send unauthorized requests and potentially write files by exploiting the REST API.
Is there a workaround for CVE-2020-2076?
A temporary workaround for CVE-2020-2076 involves restricting access to the REST API until the software can be updated.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/sick
- canonical/sick package analytics
- version/sick package analytics/04.0.0