CVE-2020-2078 - Vulnerability Details - OpenCVE

Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sick	Package Analytics

Configuration 1 [-]

cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: SICK AG

Published: 2020-07-29T13:19:01

Updated: 2024-08-04T06:54:00.579Z

Reserved: 2019-12-04T00:00:00

Link: CVE-2020-2078

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-07-29T14:15:12.973

Modified: 2024-11-21T05:24:34.343

Link: CVE-2020-2078

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SICK Package Analytics", "vendor": "n/a", "versions": [{"status": "affected", "version": "<=V04.1.1"}]}], "descriptions": [{"lang": "en", "value": "Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information."}], "problemTypes": [{"descriptions": [{"description": "Cleartext Storage of Sensitive Information", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-29T13:19:01", "orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@sick.de", "ID": "CVE-2020-2078", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SICK Package Analytics", "version": {"version_data": [{"version_value": "<=V04.1.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cleartext Storage of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories", "refsource": "MISC", "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T06:54:00.579Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}]}]}, "cveMetadata": {"assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "assignerShortName": "SICK AG", "cveId": "CVE-2020-2078", "datePublished": "2020-07-29T13:19:01", "dateReserved": "2019-12-04T00:00:00", "dateUpdated": "2024-08-04T06:54:00.579Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CC14C2E-8394-470C-A77F-DF21C154880D", "versionEndIncluding": "04.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information."}, {"lang": "es", "value": "Las contrase\u00f1as son almacenadas en texto plano dentro de la configuraci\u00f3n del software SICK Package Analytics versiones hasta V04.1.1 incluy\u00e9ndola. Un atacante autorizado podr\u00eda acceder a estas credenciales de texto plano almacenadas y conseguir acceso al servicio ftp. El almacenamiento de una contrase\u00f1a en texto plano permite a atacantes acceder f\u00e1cilmente a los sistemas, comprometiendo potencialmente la informaci\u00f3n personal u otra informaci\u00f3n confidencial"}], "id": "CVE-2020-2078", "lastModified": "2024-11-21T05:24:34.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-29T14:15:12.973", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}