Search
Find a vulnerability
Search criteria
4 vulnerabilities found for BRAIN2 by Bizerba SE & Co. KG
CVE-2025-6513 (GCVE-0-2025-6513)
Vulnerability from nvd – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
VLAI
EPSS
VEX
Title
BRAIN2 Configuration file for database access not sufficiently secured
Summary
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-260 - Password in Configuration File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | BRAIN2 |
Affected:
0.0 , < 3.06
(semver)
|
Date Public
2025-06-22 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:25:51.725596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:25:56.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86"
],
"product": "BRAIN2",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "3.06",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
}
],
"value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260: Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:37:55.000Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the newest Version 3.06\u003cbr\u003e"
}
],
"value": "Update to the newest Version 3.06"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0003",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-24T22:00:00.000Z",
"value": "Release new BRAIN2 Version 3.06"
}
],
"title": "BRAIN2 Configuration file for database access not sufficiently secured",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Deactivate not needed users or delete them\n * Ensure that only authorized users have access to the device/software"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-6513",
"datePublished": "2025-06-23T12:37:55.000Z",
"dateReserved": "2025-06-23T09:36:49.537Z",
"dateUpdated": "2025-06-23T13:25:56.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6512 (GCVE-0-2025-6512)
Vulnerability from nvd – Published: 2025-06-23 12:48 – Updated: 2025-06-23 13:22
VLAI
EPSS
VEX
Title
Scripts within reports executable on BRAIN2 Server
Summary
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | BRAIN2 |
Affected:
0.0 , < 3.06
(semver)
|
Date Public
2025-06-22 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:22:41.924297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:22:47.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "BRAIN2",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "3.06",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
}
],
"value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:48:33.951Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the newest Version 3.06\u003cbr\u003e"
}
],
"value": "Update to the newest Version 3.06"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0004",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-06-22T22:00:00.000Z",
"value": "Release of new Version BRAIN2 3.06"
}
],
"title": "Scripts within reports executable on BRAIN2 Server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BRAIN2 users can be deprived of the right to edit the reports\u003cbr\u003e"
}
],
"value": "BRAIN2 users can be deprived of the right to edit the reports"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-6512",
"datePublished": "2025-06-23T12:48:33.951Z",
"dateReserved": "2025-06-23T09:36:41.905Z",
"dateUpdated": "2025-06-23T13:22:47.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6512 (GCVE-0-2025-6512)
Vulnerability from cvelistv5 – Published: 2025-06-23 12:48 – Updated: 2025-06-23 13:22
VLAI
EPSS
VEX
Title
Scripts within reports executable on BRAIN2 Server
Summary
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | BRAIN2 |
Affected:
0.0 , < 3.06
(semver)
|
Date Public
2025-06-22 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:22:41.924297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:22:47.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "BRAIN2",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "3.06",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
}
],
"value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:48:33.951Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the newest Version 3.06\u003cbr\u003e"
}
],
"value": "Update to the newest Version 3.06"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0004",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-06-22T22:00:00.000Z",
"value": "Release of new Version BRAIN2 3.06"
}
],
"title": "Scripts within reports executable on BRAIN2 Server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BRAIN2 users can be deprived of the right to edit the reports\u003cbr\u003e"
}
],
"value": "BRAIN2 users can be deprived of the right to edit the reports"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-6512",
"datePublished": "2025-06-23T12:48:33.951Z",
"dateReserved": "2025-06-23T09:36:41.905Z",
"dateUpdated": "2025-06-23T13:22:47.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6513 (GCVE-0-2025-6513)
Vulnerability from cvelistv5 – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
VLAI
EPSS
VEX
Title
BRAIN2 Configuration file for database access not sufficiently secured
Summary
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-260 - Password in Configuration File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | BRAIN2 |
Affected:
0.0 , < 3.06
(semver)
|
Date Public
2025-06-22 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:25:51.725596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:25:56.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86"
],
"product": "BRAIN2",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "3.06",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
}
],
"value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260: Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:37:55.000Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the newest Version 3.06\u003cbr\u003e"
}
],
"value": "Update to the newest Version 3.06"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0003",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-24T22:00:00.000Z",
"value": "Release new BRAIN2 Version 3.06"
}
],
"title": "BRAIN2 Configuration file for database access not sufficiently secured",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Deactivate not needed users or delete them\n * Ensure that only authorized users have access to the device/software"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-6513",
"datePublished": "2025-06-23T12:37:55.000Z",
"dateReserved": "2025-06-23T09:36:49.537Z",
"dateUpdated": "2025-06-23T13:25:56.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}