Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for BRAIN2 by Bizerba SE & Co. KG

    CVE-2025-6513 (GCVE-0-2025-6513)

    Vulnerability from nvd – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
    VLAI
    Title
    BRAIN2 Configuration file for database access not sufficiently secured
    Summary
    Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-260 - Password in Configuration File
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
    Create a notification for this product.
    Date Public
    2025-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6513",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T13:25:51.725596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T13:25:56.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "3.06",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
                }
              ],
              "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-260",
                  "description": "CWE-260: Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:37:55.000Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest Version 3.06\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest Version 3.06"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0003",
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-24T22:00:00.000Z",
              "value": "Release new BRAIN2 Version 3.06"
            }
          ],
          "title": "BRAIN2 Configuration file for database access not sufficiently secured",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Deactivate not needed users or delete them\n  *  Ensure that only authorized users have access to the device/software"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-6513",
        "datePublished": "2025-06-23T12:37:55.000Z",
        "dateReserved": "2025-06-23T09:36:49.537Z",
        "dateUpdated": "2025-06-23T13:25:56.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6512 (GCVE-0-2025-6512)

    Vulnerability from nvd – Published: 2025-06-23 12:48 – Updated: 2025-06-23 13:22
    VLAI
    Title
    Scripts within reports executable on BRAIN2 Server
    Summary
    On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
    Create a notification for this product.
    Date Public
    2025-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T13:22:41.924297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T13:22:47.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "3.06",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
                }
              ],
              "value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:48:33.951Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest Version 3.06\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest Version 3.06"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0004",
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-22T22:00:00.000Z",
              "value": "Release of new Version BRAIN2 3.06"
            }
          ],
          "title": "Scripts within reports executable on BRAIN2 Server",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BRAIN2 users can be deprived of the right to edit the reports\u003cbr\u003e"
                }
              ],
              "value": "BRAIN2 users can be deprived of the right to edit the reports"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-6512",
        "datePublished": "2025-06-23T12:48:33.951Z",
        "dateReserved": "2025-06-23T09:36:41.905Z",
        "dateUpdated": "2025-06-23T13:22:47.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6512 (GCVE-0-2025-6512)

    Vulnerability from cvelistv5 – Published: 2025-06-23 12:48 – Updated: 2025-06-23 13:22
    VLAI
    Title
    Scripts within reports executable on BRAIN2 Server
    Summary
    On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
    Create a notification for this product.
    Date Public
    2025-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T13:22:41.924297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T13:22:47.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "3.06",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
                }
              ],
              "value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:48:33.951Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest Version 3.06\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest Version 3.06"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0004",
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-22T22:00:00.000Z",
              "value": "Release of new Version BRAIN2 3.06"
            }
          ],
          "title": "Scripts within reports executable on BRAIN2 Server",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BRAIN2 users can be deprived of the right to edit the reports\u003cbr\u003e"
                }
              ],
              "value": "BRAIN2 users can be deprived of the right to edit the reports"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-6512",
        "datePublished": "2025-06-23T12:48:33.951Z",
        "dateReserved": "2025-06-23T09:36:41.905Z",
        "dateUpdated": "2025-06-23T13:22:47.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6513 (GCVE-0-2025-6513)

    Vulnerability from cvelistv5 – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
    VLAI
    Title
    BRAIN2 Configuration file for database access not sufficiently secured
    Summary
    Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-260 - Password in Configuration File
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
    Create a notification for this product.
    Date Public
    2025-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6513",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T13:25:51.725596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T13:25:56.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "3.06",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
                }
              ],
              "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-260",
                  "description": "CWE-260: Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:37:55.000Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest Version 3.06\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest Version 3.06"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0003",
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-24T22:00:00.000Z",
              "value": "Release new BRAIN2 Version 3.06"
            }
          ],
          "title": "BRAIN2 Configuration file for database access not sufficiently secured",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Deactivate not needed users or delete them\n  *  Ensure that only authorized users have access to the device/software"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-6513",
        "datePublished": "2025-06-23T12:37:55.000Z",
        "dateReserved": "2025-06-23T09:36:49.537Z",
        "dateUpdated": "2025-06-23T13:25:56.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }