CVE-2020-2078
First published: Wed Jul 29 2020(Updated: )
Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.
Credit: psirt@sick.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SICK Package Analytics | <=04.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-2078?
CVE-2020-2078 has a high severity rating due to the risk of unauthorized access to sensitive credentials.
How do I fix CVE-2020-2078?
To fix CVE-2020-2078, you should upgrade to a version of SICK Package Analytics later than 04.1.1 that addresses the plaintext password storage.
What types of credentials are affected by CVE-2020-2078?
CVE-2020-2078 specifically affects FTP service credentials that are stored in plaintext in the configuration files.
Who is impacted by CVE-2020-2078?
Organizations using SICK Package Analytics versions up to and including 04.1.1 are impacted by CVE-2020-2078.
Can an authorized attacker exploit CVE-2020-2078?
Yes, an authorized attacker can exploit CVE-2020-2078 to gain access to the FTP service by retrieving the plaintext stored passwords.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/sick
- canonical/sick package analytics
- version/sick package analytics/04.1.1