What is CVE-2020-2076?

CVE-2020-2076 is a critical-severity vulnerability in Sick Package_analytics, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2020-07-29.

How severe is CVE-2020-2076?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Sick Package_analytics

CVE-2020-2076

SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls pr…

Vulnerability class: Broken Authentication

EPSS: 0.013 (65.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Sick Package_analytics
N/a Sick Package Analytics — versions <=V04.0.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

psirt@sick.de (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2020-2076?: CVE-2020-2076 is a critical-severity vulnerability in Sick Package_analytics, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2020-07-29.
How severe is CVE-2020-2076?: Critical severity. CVSS v3 base score is 9.8 out of 10.