Search
Find a vulnerability
Search criteria
8 vulnerabilities by Bizerba SE & Co. KG
CVE-2025-6513 (GCVE-0-2025-6513)
Vulnerability from nvd – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
VLAI
EPSS
VEX
Title
BRAIN2 Configuration file for database access not sufficiently secured
Summary
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-260 - Password in Configuration File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | BRAIN2 |
Affected:
0.0 , < 3.06
(semver)
|
Date Public
2025-06-22 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:25:51.725596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:25:56.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86"
],
"product": "BRAIN2",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "3.06",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
}
],
"value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260: Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:37:55.000Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the newest Version 3.06\u003cbr\u003e"
}
],
"value": "Update to the newest Version 3.06"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0003",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-24T22:00:00.000Z",
"value": "Release new BRAIN2 Version 3.06"
}
],
"title": "BRAIN2 Configuration file for database access not sufficiently secured",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Deactivate not needed users or delete them\n * Ensure that only authorized users have access to the device/software"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-6513",
"datePublished": "2025-06-23T12:37:55.000Z",
"dateReserved": "2025-06-23T09:36:49.537Z",
"dateUpdated": "2025-06-23T13:25:56.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6512 (GCVE-0-2025-6512)
Vulnerability from nvd – Published: 2025-06-23 12:48 – Updated: 2025-06-23 13:22
VLAI
EPSS
VEX
Title
Scripts within reports executable on BRAIN2 Server
Summary
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | BRAIN2 |
Affected:
0.0 , < 3.06
(semver)
|
Date Public
2025-06-22 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:22:41.924297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:22:47.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "BRAIN2",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "3.06",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
}
],
"value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:48:33.951Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the newest Version 3.06\u003cbr\u003e"
}
],
"value": "Update to the newest Version 3.06"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0004",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-06-22T22:00:00.000Z",
"value": "Release of new Version BRAIN2 3.06"
}
],
"title": "Scripts within reports executable on BRAIN2 Server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BRAIN2 users can be deprived of the right to edit the reports\u003cbr\u003e"
}
],
"value": "BRAIN2 users can be deprived of the right to edit the reports"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-6512",
"datePublished": "2025-06-23T12:48:33.951Z",
"dateReserved": "2025-06-23T09:36:41.905Z",
"dateUpdated": "2025-06-23T13:22:47.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2820 (GCVE-0-2025-2820)
Vulnerability from nvd – Published: 2025-03-26 14:58 – Updated: 2025-03-26 15:17
VLAI
EPSS
VEX
Title
Denial of Service
Summary
An authenticated attacker can compromise the availability of the device via the network
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | Product family GLx and CWx |
Affected:
0.0 , < 16.20
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T15:17:09.360360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T15:17:18.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Product family GLx and CWx",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "16.20",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker can compromise the availability of the device via the network"
}
],
"value": "An authenticated attacker can compromise the availability of the device via the network"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T14:58:09.132Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0002.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the current Version of the device firmware\n\n\u003cbr\u003e"
}
],
"value": "Update to the current Version of the device firmware"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0002",
"discovery": "UNKNOWN"
},
"title": "Denial of Service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent access for unauthorized Persons for FTP and SFTP\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable FTP and SFTP\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "* Prevent access for unauthorized Persons for FTP and SFTP\n * Disable FTP and SFTP"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-2820",
"datePublished": "2025-03-26T14:58:09.132Z",
"dateReserved": "2025-03-26T14:52:26.131Z",
"dateUpdated": "2025-03-26T15:17:18.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2819 (GCVE-0-2025-2819)
Vulnerability from nvd – Published: 2025-03-26 14:49 – Updated: 2025-03-26 15:17
VLAI
EPSS
VEX
Title
Unrestricted Fileupload
Summary
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | GT-SoftControl |
Affected:
0.0 , < 6.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T15:17:38.843313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T15:17:46.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GT-SoftControl",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\n\n\u003cbr\u003e"
}
],
"value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T14:49:38.291Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Software to the current version of the corresponding Software.\n\n\u003cbr\u003e"
}
],
"value": "Update Software to the current version of the corresponding Software."
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0001",
"discovery": "UNKNOWN"
},
"title": "Unrestricted Fileupload",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent unauthorized physical access to the device\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable E-Service to prevent remote access\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "* Prevent unauthorized physical access to the device\n * Disable E-Service to prevent remote access"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-2819",
"datePublished": "2025-03-26T14:49:38.291Z",
"dateReserved": "2025-03-26T14:42:48.119Z",
"dateUpdated": "2025-03-26T15:17:46.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6512 (GCVE-0-2025-6512)
Vulnerability from cvelistv5 – Published: 2025-06-23 12:48 – Updated: 2025-06-23 13:22
VLAI
EPSS
VEX
Title
Scripts within reports executable on BRAIN2 Server
Summary
On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | BRAIN2 |
Affected:
0.0 , < 3.06
(semver)
|
Date Public
2025-06-22 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:22:41.924297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:22:47.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"x86"
],
"product": "BRAIN2",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "3.06",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
}
],
"value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:48:33.951Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the newest Version 3.06\u003cbr\u003e"
}
],
"value": "Update to the newest Version 3.06"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0004",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-06-22T22:00:00.000Z",
"value": "Release of new Version BRAIN2 3.06"
}
],
"title": "Scripts within reports executable on BRAIN2 Server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BRAIN2 users can be deprived of the right to edit the reports\u003cbr\u003e"
}
],
"value": "BRAIN2 users can be deprived of the right to edit the reports"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-6512",
"datePublished": "2025-06-23T12:48:33.951Z",
"dateReserved": "2025-06-23T09:36:41.905Z",
"dateUpdated": "2025-06-23T13:22:47.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6513 (GCVE-0-2025-6513)
Vulnerability from cvelistv5 – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
VLAI
EPSS
VEX
Title
BRAIN2 Configuration file for database access not sufficiently secured
Summary
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-260 - Password in Configuration File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | BRAIN2 |
Affected:
0.0 , < 3.06
(semver)
|
Date Public
2025-06-22 22:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T13:25:51.725596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T13:25:56.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"x86"
],
"product": "BRAIN2",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "3.06",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-06-22T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
}
],
"value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260: Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:37:55.000Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the newest Version 3.06\u003cbr\u003e"
}
],
"value": "Update to the newest Version 3.06"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0003",
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-05-24T22:00:00.000Z",
"value": "Release new BRAIN2 Version 3.06"
}
],
"title": "BRAIN2 Configuration file for database access not sufficiently secured",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Deactivate not needed users or delete them\n * Ensure that only authorized users have access to the device/software"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-6513",
"datePublished": "2025-06-23T12:37:55.000Z",
"dateReserved": "2025-06-23T09:36:49.537Z",
"dateUpdated": "2025-06-23T13:25:56.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2820 (GCVE-0-2025-2820)
Vulnerability from cvelistv5 – Published: 2025-03-26 14:58 – Updated: 2025-03-26 15:17
VLAI
EPSS
VEX
Title
Denial of Service
Summary
An authenticated attacker can compromise the availability of the device via the network
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | Product family GLx and CWx |
Affected:
0.0 , < 16.20
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T15:17:09.360360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T15:17:18.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Product family GLx and CWx",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "16.20",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker can compromise the availability of the device via the network"
}
],
"value": "An authenticated attacker can compromise the availability of the device via the network"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T14:58:09.132Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0002.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the current Version of the device firmware\n\n\u003cbr\u003e"
}
],
"value": "Update to the current Version of the device firmware"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0002",
"discovery": "UNKNOWN"
},
"title": "Denial of Service",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent access for unauthorized Persons for FTP and SFTP\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable FTP and SFTP\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "* Prevent access for unauthorized Persons for FTP and SFTP\n * Disable FTP and SFTP"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-2820",
"datePublished": "2025-03-26T14:58:09.132Z",
"dateReserved": "2025-03-26T14:52:26.131Z",
"dateUpdated": "2025-03-26T15:17:18.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2819 (GCVE-0-2025-2819)
Vulnerability from cvelistv5 – Published: 2025-03-26 14:49 – Updated: 2025-03-26 15:17
VLAI
EPSS
VEX
Title
Unrestricted Fileupload
Summary
There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
Severity
6.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bizerba SE & Co. KG | GT-SoftControl |
Affected:
0.0 , < 6.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T15:17:38.843313Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T15:17:46.739Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "GT-SoftControl",
"vendor": "Bizerba SE \u0026 Co. KG",
"versions": [
{
"lessThan": "6.0",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\n\n\u003cbr\u003e"
}
],
"value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-26T14:49:38.291Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update Software to the current version of the corresponding Software.\n\n\u003cbr\u003e"
}
],
"value": "Update Software to the current version of the corresponding Software."
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0001",
"discovery": "UNKNOWN"
},
"title": "Unrestricted Fileupload",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent unauthorized physical access to the device\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable E-Service to prevent remote access\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "* Prevent unauthorized physical access to the device\n * Disable E-Service to prevent remote access"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-2819",
"datePublished": "2025-03-26T14:49:38.291Z",
"dateReserved": "2025-03-26T14:42:48.119Z",
"dateUpdated": "2025-03-26T15:17:46.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}