{"api_version":"1","generated_at":"2026-07-03T15:52:51+00:00","cve":"CVE-2020-2076","urls":{"html":"https://cve.report/CVE-2020-2076","api":"https://cve.report/api/cve/CVE-2020-2076.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-2076","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-2076"},"summary":{"title":"CVE-2020-2076","description":"SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.","state":"PUBLIC","assigner":"psirt@sick.de","published_at":"2020-07-29 14:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-306"],"metrics":[],"references":[{"url":"https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories","name":"https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories","refsource":"MISC","tags":["Vendor Advisory"],"title":"The SICK Product Security Incident Response Team (SICK PSIRT) | SICK","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-2076","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-2076","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"2076","vulnerable":"1","versionEndIncluding":"04.0.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sick","cpe5":"package_analytics","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-2076","ASSIGNER":"psirt@sick.de","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"SICK Package Analytics","version":{"version_data":[{"version_value":"<=V04.0.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Authentication Bypass Using an Alternate Path or Channel"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories","url":"https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories"}]},"description":{"description_data":[{"lang":"eng","value":"SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication."}]}},"nvd":{"publishedDate":"2020-07-29 14:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-306"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*","versionEndIncluding":"04.0.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"2076","Ordinal":"161547","Title":"CVE-2020-2076","CVE":"CVE-2020-2076","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"2076","Ordinal":"1","NoteData":"SICK Package Analytics software up to and including version V04.0.0 are vulnerable to an authentication bypass by directly interfacing with the REST API. An attacker can send unauthorized requests, bypass current authentication controls presented by the application and could potentially write files without authentication.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"2076","Ordinal":"2","NoteData":"2020-07-29","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"2076","Ordinal":"3","NoteData":"2020-07-29","Type":"Other","Title":"Modified"}]}}}