Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for _connect.BRAIN by Bizerba

    CVE-2025-12507 (GCVE-0-2025-12507)

    Vulnerability from nvd – Published: 2025-10-31 15:48 – Updated: 2025-10-31 18:17
    VLAI
    Title
    Insecure service configuration – unquoted path
    Summary
    The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba _connect.BRAIN Affected: 0.0 , < 5.02 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T18:17:08.521501Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T18:17:20.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "_connect.BRAIN",
              "vendor": "Bizerba",
              "versions": [
                {
                  "lessThan": "5.02",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bizerba:_connect.brain:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "5.02",
                      "versionStartIncluding": "0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.\u003cbr\u003e"
                }
              ],
              "value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:48:36.371Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0005.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version \u2265 5.02\u003cbr\u003e"
                }
              ],
              "value": "Update to version \u2265 5.02"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0005",
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-15T23:00:00.000Z",
              "value": "Release of new Version _connect.BRAIN 5.02"
            },
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Publish Security Advisory"
            }
          ],
          "title": "Insecure service configuration \u2013 unquoted path",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath\u003cbr\u003e"
                }
              ],
              "value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-12507",
        "datePublished": "2025-10-31T15:48:36.371Z",
        "dateReserved": "2025-10-30T14:08:49.409Z",
        "dateUpdated": "2025-10-31T18:17:20.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12507 (GCVE-0-2025-12507)

    Vulnerability from cvelistv5 – Published: 2025-10-31 15:48 – Updated: 2025-10-31 18:17
    VLAI
    Title
    Insecure service configuration – unquoted path
    Summary
    The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-428 - Unquoted Search Path or Element
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba _connect.BRAIN Affected: 0.0 , < 5.02 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12507",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-31T18:17:08.521501Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-31T18:17:20.171Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "_connect.BRAIN",
              "vendor": "Bizerba",
              "versions": [
                {
                  "lessThan": "5.02",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:bizerba:_connect.brain:*:*:windows:*:*:*:*:*",
                      "versionEndExcluding": "5.02",
                      "versionStartIncluding": "0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.\u003cbr\u003e"
                }
              ],
              "value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "CWE-428 Unquoted Search Path or Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-31T15:48:36.371Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0005.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to version \u2265 5.02\u003cbr\u003e"
                }
              ],
              "value": "Update to version \u2265 5.02"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0005",
            "discovery": "INTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-15T23:00:00.000Z",
              "value": "Release of new Version _connect.BRAIN 5.02"
            },
            {
              "lang": "en",
              "time": "2025-10-30T23:00:00.000Z",
              "value": "Publish Security Advisory"
            }
          ],
          "title": "Insecure service configuration \u2013 unquoted path",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath\u003cbr\u003e"
                }
              ],
              "value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.4.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-12507",
        "datePublished": "2025-10-31T15:48:36.371Z",
        "dateReserved": "2025-10-30T14:08:49.409Z",
        "dateUpdated": "2025-10-31T18:17:20.171Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }