Search

Find a vulnerability

Search criteria

    8 vulnerabilities by Bizerba SE & Co. KG

    CVE-2025-6513 (GCVE-0-2025-6513)

    Vulnerability from nvd – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
    VLAI
    Title
    BRAIN2 Configuration file for database access not sufficiently secured
    Summary
    Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-260 - Password in Configuration File
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
    Create a notification for this product.
    Date Public
    2025-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6513",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T13:25:51.725596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T13:25:56.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "3.06",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
                }
              ],
              "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-260",
                  "description": "CWE-260: Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:37:55.000Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest Version 3.06\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest Version 3.06"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0003",
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-24T22:00:00.000Z",
              "value": "Release new BRAIN2 Version 3.06"
            }
          ],
          "title": "BRAIN2 Configuration file for database access not sufficiently secured",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Deactivate not needed users or delete them\n  *  Ensure that only authorized users have access to the device/software"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-6513",
        "datePublished": "2025-06-23T12:37:55.000Z",
        "dateReserved": "2025-06-23T09:36:49.537Z",
        "dateUpdated": "2025-06-23T13:25:56.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6512 (GCVE-0-2025-6512)

    Vulnerability from nvd – Published: 2025-06-23 12:48 – Updated: 2025-06-23 13:22
    VLAI
    Title
    Scripts within reports executable on BRAIN2 Server
    Summary
    On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
    Create a notification for this product.
    Date Public
    2025-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T13:22:41.924297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T13:22:47.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "3.06",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
                }
              ],
              "value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:48:33.951Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest Version 3.06\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest Version 3.06"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0004",
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-22T22:00:00.000Z",
              "value": "Release of new Version BRAIN2 3.06"
            }
          ],
          "title": "Scripts within reports executable on BRAIN2 Server",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BRAIN2 users can be deprived of the right to edit the reports\u003cbr\u003e"
                }
              ],
              "value": "BRAIN2 users can be deprived of the right to edit the reports"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-6512",
        "datePublished": "2025-06-23T12:48:33.951Z",
        "dateReserved": "2025-06-23T09:36:41.905Z",
        "dateUpdated": "2025-06-23T13:22:47.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2820 (GCVE-0-2025-2820)

    Vulnerability from nvd – Published: 2025-03-26 14:58 – Updated: 2025-03-26 15:17
    VLAI
    Title
    Denial of Service
    Summary
    An authenticated attacker can compromise the availability of the device via the network
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG Product family GLx and CWx Affected: 0.0 , < 16.20 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2820",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T15:17:09.360360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T15:17:18.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Product family GLx and CWx",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "16.20",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated attacker can compromise the availability of the device via the network"
                }
              ],
              "value": "An authenticated attacker can compromise the availability of the device via the network"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-26T14:58:09.132Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0002.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the current Version of the device firmware\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to the current Version of the device firmware"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0002",
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent access for unauthorized Persons for FTP and SFTP\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable FTP and SFTP\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Prevent access for unauthorized Persons for FTP and SFTP\n  *  Disable FTP and SFTP"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-2820",
        "datePublished": "2025-03-26T14:58:09.132Z",
        "dateReserved": "2025-03-26T14:52:26.131Z",
        "dateUpdated": "2025-03-26T15:17:18.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2819 (GCVE-0-2025-2819)

    Vulnerability from nvd – Published: 2025-03-26 14:49 – Updated: 2025-03-26 15:17
    VLAI
    Title
    Unrestricted Fileupload
    Summary
    There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG GT-SoftControl Affected: 0.0 , < 6.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2819",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T15:17:38.843313Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T15:17:46.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GT-SoftControl",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "6.0",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\n\n\u003cbr\u003e"
                }
              ],
              "value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-26T14:49:38.291Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Software to the current version of the corresponding Software.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Software to the current version of the corresponding Software."
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0001",
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted Fileupload",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent unauthorized physical access to the device\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable E-Service to prevent remote access\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Prevent unauthorized physical access to the device\n  *  Disable E-Service to prevent remote access"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-2819",
        "datePublished": "2025-03-26T14:49:38.291Z",
        "dateReserved": "2025-03-26T14:42:48.119Z",
        "dateUpdated": "2025-03-26T15:17:46.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6512 (GCVE-0-2025-6512)

    Vulnerability from cvelistv5 – Published: 2025-06-23 12:48 – Updated: 2025-06-23 13:22
    VLAI
    Title
    Scripts within reports executable on BRAIN2 Server
    Summary
    On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
    Create a notification for this product.
    Date Public
    2025-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6512",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T13:22:41.924297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T13:22:47.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "3.06",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
                }
              ],
              "value": "On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:48:33.951Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0004.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest Version 3.06\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest Version 3.06"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0004",
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-06-22T22:00:00.000Z",
              "value": "Release of new Version BRAIN2 3.06"
            }
          ],
          "title": "Scripts within reports executable on BRAIN2 Server",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BRAIN2 users can be deprived of the right to edit the reports\u003cbr\u003e"
                }
              ],
              "value": "BRAIN2 users can be deprived of the right to edit the reports"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-6512",
        "datePublished": "2025-06-23T12:48:33.951Z",
        "dateReserved": "2025-06-23T09:36:41.905Z",
        "dateUpdated": "2025-06-23T13:22:47.485Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-6513 (GCVE-0-2025-6513)

    Vulnerability from cvelistv5 – Published: 2025-06-23 12:37 – Updated: 2025-06-23 13:25
    VLAI
    Title
    BRAIN2 Configuration file for database access not sufficiently secured
    Summary
    Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-260 - Password in Configuration File
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG BRAIN2 Affected: 0.0 , < 3.06 (semver)
    Create a notification for this product.
    Date Public
    2025-06-22 22:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6513",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-23T13:25:51.725596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-23T13:25:56.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "x86"
              ],
              "product": "BRAIN2",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "3.06",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-06-22T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it.\u003cbr\u003e"
                }
              ],
              "value": "Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-260",
                  "description": "CWE-260: Password in Configuration File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:37:55.000Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0003.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the newest Version 3.06\u003cbr\u003e"
                }
              ],
              "value": "Update to the newest Version 3.06"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0003",
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2025-05-24T22:00:00.000Z",
              "value": "Release new BRAIN2 Version 3.06"
            }
          ],
          "title": "BRAIN2 Configuration file for database access not sufficiently secured",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003eDeactivate not needed users or delete them\u003c/li\u003e\u003cli\u003eEnsure that only authorized users have access to the device/software\u003c/li\u003e\u003c/ul\u003e"
                }
              ],
              "value": "*  Deactivate not needed users or delete them\n  *  Ensure that only authorized users have access to the device/software"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-6513",
        "datePublished": "2025-06-23T12:37:55.000Z",
        "dateReserved": "2025-06-23T09:36:49.537Z",
        "dateUpdated": "2025-06-23T13:25:56.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2820 (GCVE-0-2025-2820)

    Vulnerability from cvelistv5 – Published: 2025-03-26 14:58 – Updated: 2025-03-26 15:17
    VLAI
    Title
    Denial of Service
    Summary
    An authenticated attacker can compromise the availability of the device via the network
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG Product family GLx and CWx Affected: 0.0 , < 16.20 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2820",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T15:17:09.360360Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T15:17:18.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Product family GLx and CWx",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "16.20",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An authenticated attacker can compromise the availability of the device via the network"
                }
              ],
              "value": "An authenticated attacker can compromise the availability of the device via the network"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-26T14:58:09.132Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0002.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to the current Version of the device firmware\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update to the current Version of the device firmware"
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0002",
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent access for unauthorized Persons for FTP and SFTP\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable FTP and SFTP\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Prevent access for unauthorized Persons for FTP and SFTP\n  *  Disable FTP and SFTP"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-2820",
        "datePublished": "2025-03-26T14:58:09.132Z",
        "dateReserved": "2025-03-26T14:52:26.131Z",
        "dateUpdated": "2025-03-26T15:17:18.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2819 (GCVE-0-2025-2819)

    Vulnerability from cvelistv5 – Published: 2025-03-26 14:49 – Updated: 2025-03-26 15:17
    VLAI
    Title
    Unrestricted Fileupload
    Summary
    There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    Bizerba SE & Co. KG GT-SoftControl Affected: 0.0 , < 6.0 (semver)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2819",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-26T15:17:38.843313Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-26T15:17:46.739Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "GT-SoftControl",
              "vendor": "Bizerba SE \u0026 Co. KG",
              "versions": [
                {
                  "lessThan": "6.0",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\n\n\u003cbr\u003e"
                }
              ],
              "value": "There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-26T14:49:38.291Z",
            "orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
            "shortName": "bizerba"
          },
          "references": [
            {
              "url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update Software to the current version of the corresponding Software.\n\n\u003cbr\u003e"
                }
              ],
              "value": "Update Software to the current version of the corresponding Software."
            }
          ],
          "source": {
            "advisory": "BIZERBA-SA-2025-0001",
            "discovery": "UNKNOWN"
          },
          "title": "Unrestricted Fileupload",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePrevent unauthorized physical access to the device\u003c/span\u003e\u003c/li\u003e\u003cli\u003eDisable E-Service to prevent remote access\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "*  Prevent unauthorized physical access to the device\n  *  Disable E-Service to prevent remote access"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
        "assignerShortName": "bizerba",
        "cveId": "CVE-2025-2819",
        "datePublished": "2025-03-26T14:49:38.291Z",
        "dateReserved": "2025-03-26T14:42:48.119Z",
        "dateUpdated": "2025-03-26T15:17:46.739Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }