NotCVE - vendor:"Sick" product:"Package Analytics" version:" <= 04.1.1"

3 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-2078

https://notcve.org/view.php?id=CVE-2020-2078

29 Jul 2020 — Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information. Las contraseñas son almacenadas en texto plano dentro de la configuración del software SICK Package Analytics versiones ... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-2077

https://notcve.org/view.php?id=CVE-2020-2077

29 Jul 2020 — SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. El software SICK Package Analytics versiones hasta V04.0.0 incluyéndola, es vulnerable debido a una configuración de permisos predeterminada incorrecta. Un atacante no autorizado podría leer datos confidenciales del sistema al consultar archivos conocidos us... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-276: Incorrect Default Permissions •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-2076

https://notcve.org/view.php?id=CVE-2020-2076

29 Jul 2020 — SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication. El software SICK Package Analytics versiones hasta V04.0.0 incluyéndola, es vulnerable a una omisión de autenticación al interactuar directamente con la API REST. Un atacante puede enviar ... • https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories • CWE-306: Missing Authentication for Critical Function •