CVE-2020-2078

Name: CVE-2020-2078
Creator: NVD / NIST
Published: 2020-07-29T14:15:12.973+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.75%

Last modified Jun 17, 2026

CVE-2020-2078 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. EPSS estimates a 0.75% chance of exploitation in the next 30 days.

Description

Passwords are stored in plain text within the configuration of SICK Package Analytics software up to and including V04.1.1. An authorized attacker could access these stored plaintext credentials and gain access to the ftp service. Storing a password in plaintext allows attackers to easily gain access to systems, potentially compromising personal information or other sensitive information.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.75%

50.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-522

Affected Software

Vendor	Product	Versions
Sick	Package Analytics	<= 04.1.1

References

Timeline

Published: Jul 29, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-2078?

How severe is CVE-2020-2078?

CVE-2020-2078 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.75% probability of exploitation in the next 30 days.

How do I fix CVE-2020-2078?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-2078?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST