CVE-2020-2078

MEDIUM

Sick Package Analytics < 04.1.1 - Insufficiently Protected Credentials

Title source: rule

Description

Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.

References (1)

[Vendor Advisory] https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories

Scores

CVSS v3 6.5

EPSS 0.0022

EPSS Percentile 43.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

sick/package_analytics < 04.1.1

Timeline

Published Jul 29, 2020

Tracked Since Feb 18, 2026