Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for GT-SoftControl by Bizerba SE & Co. KG

    CVE-2025-2819 (GCVE-0-2025-2819)

    Vulnerability from nvd – Published: 2025-03-26 14:49 – Updated: 2025-03-26 15:17
    VLAI
    Title
    Unrestricted Fileupload
    Summary
    There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG GT-SoftControl Affected: 0.0 , < 6.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2819",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T15:17:38.843313Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T15:17:46.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GT-SoftControl",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "6.0",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\n\n\u003cbr\u003e"
                }
              ],
              "value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-26T14:49:38.291Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Software to the current version of the corresponding Software.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Software to the current version of the corresponding Software."
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0001",
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted Fileupload",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent unauthorized physical access to the device\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable E-Service to prevent remote access\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Prevent unauthorized physical access to the device\n  *  Disable E-Service to prevent remote access"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-2819",
        "datePublished": "2025-03-26T14:49:38.291Z",
        "dateReserved": "2025-03-26T14:42:48.119Z",
        "dateUpdated": "2025-03-26T15:17:46.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2819 (GCVE-0-2025-2819)

    Vulnerability from cvelistv5 – Published: 2025-03-26 14:49 – Updated: 2025-03-26 15:17
    VLAI
    Title
    Unrestricted Fileupload
    Summary
    There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG GT-SoftControl Affected: 0.0 , < 6.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2819",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T15:17:38.843313Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T15:17:46.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GT-SoftControl",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "6.0",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\n\n\u003cbr\u003e"
                }
              ],
              "value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-26T14:49:38.291Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Software to the current version of the corresponding Software.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Software to the current version of the corresponding Software."
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0001",
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted Fileupload",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent unauthorized physical access to the device\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable E-Service to prevent remote access\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Prevent unauthorized physical access to the device\n  *  Disable E-Service to prevent remote access"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-2819",
        "datePublished": "2025-03-26T14:49:38.291Z",
        "dateReserved": "2025-03-26T14:42:48.119Z",
        "dateUpdated": "2025-03-26T15:17:46.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }