CVE-2020-2077
First published: Wed Jul 29 2020(Updated: )
SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.
Credit: psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SICK Package Analytics | <=04.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-2077?
CVE-2020-2077 has a medium severity rating due to its potential for unauthorized data access.
Who is affected by CVE-2020-2077?
CVE-2020-2077 affects all versions of SICK Package Analytics up to and including version V04.0.0.
How do I fix CVE-2020-2077?
To fix CVE-2020-2077, update SICK Package Analytics to a version later than V04.0.0.
What kind of data is at risk due to CVE-2020-2077?
CVE-2020-2077 allows unauthorized attackers to read sensitive data stored in the system.
Can CVE-2020-2077 be exploited remotely?
Yes, CVE-2020-2077 can be exploited remotely via the REST API by querying known files.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/sick
- canonical/sick package analytics
- version/sick package analytics/04.0.0