CVE-2020-2076
CRITICALSICK Package Analytics <= 04.0.0 - Unauthenticated Authentication Bypass via REST API
Title source: llmDescription
SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories
Scores
CVSS v3
9.8
EPSS
0.0126
EPSS Percentile
65.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
sick/package_analytics
< 04.0.0
Published
Jul 29, 2020
Tracked Since
Feb 18, 2026