CVE-2020-2078
Vulnerability from cvelistv5
Published
2020-07-29 13:19
Modified
2024-08-04 06:54
Severity ?
EPSS score ?
Summary
Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | SICK Package Analytics |
Version: <=V04.1.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:54:00.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SICK Package Analytics", "vendor": "n/a", "versions": [ { "status": "affected", "version": "\u003c=V04.1.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information." } ], "problemTypes": [ { "descriptions": [ { "description": "Cleartext Storage of Sensitive Information", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-29T13:19:01", "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@sick.de", "ID": "CVE-2020-2078", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SICK Package Analytics", "version": { "version_data": [ { "version_value": "\u003c=V04.1.1" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cleartext Storage of Sensitive Information" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", "refsource": "MISC", "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories" } ] } } } }, "cveMetadata": { "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "assignerShortName": "SICK AG", "cveId": "CVE-2020-2078", "datePublished": "2020-07-29T13:19:01", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2024-08-04T06:54:00.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-2078\",\"sourceIdentifier\":\"psirt@sick.de\",\"published\":\"2020-07-29T14:15:12.973\",\"lastModified\":\"2024-11-21T05:24:34.343\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.\"},{\"lang\":\"es\",\"value\":\"Las contrase\u00f1as son almacenadas en texto plano dentro de la configuraci\u00f3n del software SICK Package Analytics versiones hasta V04.1.1 incluy\u00e9ndola. Un atacante autorizado podr\u00eda acceder a estas credenciales de texto plano almacenadas y conseguir acceso al servicio ftp. El almacenamiento de una contrase\u00f1a en texto plano permite a atacantes acceder f\u00e1cilmente a los sistemas, comprometiendo potencialmente la informaci\u00f3n personal u otra informaci\u00f3n confidencial\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"04.1.1\",\"matchCriteriaId\":\"9CC14C2E-8394-470C-A77F-DF21C154880D\"}]}]}],\"references\":[{\"url\":\"https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories\",\"source\":\"psirt@sick.de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.