CVE-2020-2078
MEDIUMSICK Package Analytics <= 04.1.1 - Insufficiently Protected Credentials
Title source: llmDescription
Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories
Scores
CVSS v3
6.5
EPSS
0.0075
EPSS Percentile
50.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-522
Status
published
Products (1)
sick/package_analytics
< 04.1.1
Published
Jul 29, 2020
Tracked Since
Feb 18, 2026