Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sick Subscribe
Filtered by product Package Analytics
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-2076 1 Sick 1 Package Analytics 2021-07-21 7.5 HIGH 9.8 CRITICAL
SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.
CVE-2020-2077 1 Sick 1 Package Analytics 2020-08-03 5.0 MEDIUM 7.5 HIGH
SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly.
CVE-2020-2078 1 Sick 1 Package Analytics 2020-08-03 4.0 MEDIUM 6.5 MEDIUM
Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.