GCVE - cpe:2.3:a:n/a:sick_package_analytics:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:sick_package_analytics:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Sick Package Analytics (`af445b45-98de-5f0b-93b9-4d9e33bf51bc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-2078`	vulnerable	2026-06-08 05:24:58.863147	Details available Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information. Published: 2020-07-29T13:19:01.000Z Updated: 2024-08-04T06:54:00.579Z Open on db.gcve.eu Reference links https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-2077`	vulnerable	2026-06-08 05:24:58.862741	Details available SICK Package Analytics software up to and including version V04.0.0 are vulnerable due to incorrect default permissions settings. An unauthorized attacker could read sensitive data from the system by querying for known files using the REST API directly. Published: 2020-07-29T13:18:59.000Z Updated: 2024-08-04T06:54:00.702Z Open on db.gcve.eu Reference links https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-2076`	vulnerable	2026-06-08 05:24:58.861552	Details available SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication. Published: 2020-07-29T13:18:55.000Z Updated: 2024-08-04T06:54:00.613Z Open on db.gcve.eu Reference links https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.