Refine your search
3 vulnerabilities found for by Bizerba
CVE-2025-12509 (GCVE-0-2025-12509)
Vulnerability from cvelistv5
Published
2025-10-31 15:51
Modified
2025-10-31 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Summary
On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:43:42.387454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:43:51.160Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "BRAIN2",
"vendor": "Bizerba",
"versions": [
{
"lessThan": "3.07",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "3.07",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights."
}
],
"value": "On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:51:25.120Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0007.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 3.07"
}
],
"value": "Update to version 3.07"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0007",
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-10-30T23:00:00.000Z",
"value": "Release of new version BRAIN2 3.07"
},
{
"lang": "en",
"time": "2025-10-30T23:00:00.000Z",
"value": "Publish Security Advisory"
}
],
"title": "Scripts for the module Global_Shipping executable on BRAIN2 Server",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts.\u003cbr\u003e"
}
],
"value": "BRAIN2 users can be deprived of the right to implement Global_Shipping scripts."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-12509",
"datePublished": "2025-10-31T15:51:25.120Z",
"dateReserved": "2025-10-30T14:08:51.595Z",
"dateUpdated": "2025-10-31T17:43:51.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12508 (GCVE-0-2025-12508)
Vulnerability from cvelistv5
Published
2025-10-31 15:49
Modified
2025-10-31 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Summary
When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T17:44:19.445267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T17:44:27.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "BRAIN2",
"vendor": "Bizerba",
"versions": [
{
"lessThan": "3.07",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bizerba:brain2:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "3.07",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality."
}
],
"value": "When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:49:54.429Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0006.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version 3.07\u003cbr\u003e"
}
],
"value": "Update to version 3.07"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0006",
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-10-30T23:00:00.000Z",
"value": "Release of new version BRAIN2 3.07"
},
{
"lang": "en",
"time": "2025-10-30T23:00:00.000Z",
"value": "Publish Security"
}
],
"title": "Unencrypted communication to Active Directory services",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Do not use domain users as BRAIN2 users in unprotected networks. Use local BRAIN2 users instead."
}
],
"value": "Do not use domain users as BRAIN2 users in unprotected networks. Use local BRAIN2 users instead."
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-12508",
"datePublished": "2025-10-31T15:49:54.429Z",
"dateReserved": "2025-10-30T14:08:50.565Z",
"dateUpdated": "2025-10-31T17:44:27.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12507 (GCVE-0-2025-12507)
Vulnerability from cvelistv5
Published
2025-10-31 15:48
Modified
2025-10-31 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-428 - Unquoted Search Path or Element
Summary
The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Bizerba | _connect.BRAIN |
Version: 0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T18:17:08.521501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T18:17:20.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "_connect.BRAIN",
"vendor": "Bizerba",
"versions": [
{
"lessThan": "5.02",
"status": "affected",
"version": "0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bizerba:_connect.brain:*:*:windows:*:*:*:*:*",
"versionEndExcluding": "5.02",
"versionStartIncluding": "0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.\u003cbr\u003e"
}
],
"value": "The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428 Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T15:48:36.371Z",
"orgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"shortName": "bizerba"
},
"references": [
{
"url": "https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0005.pdf"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to version \u2265 5.02\u003cbr\u003e"
}
],
"value": "Update to version \u2265 5.02"
}
],
"source": {
"advisory": "BIZERBA-SA-2025-0005",
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-01-15T23:00:00.000Z",
"value": "Release of new Version _connect.BRAIN 5.02"
},
{
"lang": "en",
"time": "2025-10-30T23:00:00.000Z",
"value": "Publish Security Advisory"
}
],
"title": "Insecure service configuration \u2013 unquoted path",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath\u003cbr\u003e"
}
],
"value": "Enclose the service path in the registry in quotes: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BCS\\ImagePath"
}
],
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0beee27a-7d8c-424f-8e46-ac453fa147e6",
"assignerShortName": "bizerba",
"cveId": "CVE-2025-12507",
"datePublished": "2025-10-31T15:48:36.371Z",
"dateReserved": "2025-10-30T14:08:49.409Z",
"dateUpdated": "2025-10-31T18:17:20.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}