Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for BRAIN2 by Bizerba

    CVE-2025-12509 (GCVE-0-2025-12509)

    Vulnerability from nvd – Published: 2025-10-31 15:51 – Updated: 2025-10-31 17:43
    VLAI
    Title
    Scripts for the module Global_Shipping executable on BRAIN2 Server
    Summary
    On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba BRAIN2 Affected: 0.0 , < 3.07 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T17:43:42.387454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T17:43:51.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba",
              "versions": [
                {
                  "lessThan": "3.07",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "3.07",
                      "versionStartIncluding": "0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights."
                }
              ],
              "value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:51:25.120Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0007.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 3.07"
                }
              ],
              "value": "Update to version 3.07"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0007",
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Release of new version BRAIN2 3.07"
            },
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Publish Security Advisory"
            }
          ],
          "title": "Scripts for the module Global_Shipping executable on BRAIN2 Server",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts.\u003cbr\u003e"
                }
              ],
              "value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-12509",
        "datePublished": "2025-10-31T15:51:25.120Z",
        "dateReserved": "2025-10-30T14:08:51.595Z",
        "dateUpdated": "2025-10-31T17:43:51.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12508 (GCVE-0-2025-12508)

    Vulnerability from nvd – Published: 2025-10-31 15:49 – Updated: 2025-10-31 17:44
    VLAI
    Title
    Unencrypted communication to Active Directory services
    Summary
    When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba BRAIN2 Affected: 0.0 , < 3.07 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T17:44:19.445267Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T17:44:27.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba",
              "versions": [
                {
                  "lessThan": "3.07",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "3.07",
                      "versionStartIncluding": "0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality."
                }
              ],
              "value": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:49:54.429Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0006.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 3.07\u003cbr\u003e"
                }
              ],
              "value": "Update to version 3.07"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0006",
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Release of new version BRAIN2 3.07"
            },
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Publish Security"
            }
          ],
          "title": "Unencrypted communication to Active Directory services",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Do not use domain users as BRAIN2 users in unprotected networks. Use local BRAIN2 users instead."
                }
              ],
              "value": "Do not use domain users as BRAIN2 users in unprotected networks. Use local BRAIN2 users instead."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-12508",
        "datePublished": "2025-10-31T15:49:54.429Z",
        "dateReserved": "2025-10-30T14:08:50.565Z",
        "dateUpdated": "2025-10-31T17:44:27.867Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12509 (GCVE-0-2025-12509)

    Vulnerability from cvelistv5 – Published: 2025-10-31 15:51 – Updated: 2025-10-31 17:43
    VLAI
    Title
    Scripts for the module Global_Shipping executable on BRAIN2 Server
    Summary
    On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba BRAIN2 Affected: 0.0 , < 3.07 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12509",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T17:43:42.387454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T17:43:51.160Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba",
              "versions": [
                {
                  "lessThan": "3.07",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "3.07",
                      "versionStartIncluding": "0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights."
                }
              ],
              "value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:51:25.120Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0007.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 3.07"
                }
              ],
              "value": "Update to version 3.07"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0007",
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Release of new version BRAIN2 3.07"
            },
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Publish Security Advisory"
            }
          ],
          "title": "Scripts for the module Global_Shipping executable on BRAIN2 Server",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts.\u003cbr\u003e"
                }
              ],
              "value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-12509",
        "datePublished": "2025-10-31T15:51:25.120Z",
        "dateReserved": "2025-10-30T14:08:51.595Z",
        "dateUpdated": "2025-10-31T17:43:51.160Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12508 (GCVE-0-2025-12508)

    Vulnerability from cvelistv5 – Published: 2025-10-31 15:49 – Updated: 2025-10-31 17:44
    VLAI
    Title
    Unencrypted communication to Active Directory services
    Summary
    When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-319 - Cleartext Transmission of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba BRAIN2 Affected: 0.0 , < 3.07 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12508",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T17:44:19.445267Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T17:44:27.867Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba",
              "versions": [
                {
                  "lessThan": "3.07",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "3.07",
                      "versionStartIncluding": "0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality."
                }
              ],
              "value": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-319",
                  "description": "CWE-319 Cleartext Transmission of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:49:54.429Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0006.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version 3.07\u003cbr\u003e"
                }
              ],
              "value": "Update to version 3.07"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0006",
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Release of new version BRAIN2 3.07"
            },
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Publish Security"
            }
          ],
          "title": "Unencrypted communication to Active Directory services",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Do not use domain users as BRAIN2 users in unprotected networks. Use local BRAIN2 users instead."
                }
              ],
              "value": "Do not use domain users as BRAIN2 users in unprotected networks. Use local BRAIN2 users instead."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-12508",
        "datePublished": "2025-10-31T15:49:54.429Z",
        "dateReserved": "2025-10-30T14:08:50.565Z",
        "dateUpdated": "2025-10-31T17:44:27.867Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }