{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-58587", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2025-09-03T08:58:53.142Z", "datePublished": "2025-10-06T07:03:15.540Z", "dateUpdated": "2025-10-06T18:21:04.170Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Baggage Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Tire Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Package Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Logistic Diagnostic Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Enterprise Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.</p>"}], "value": "The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "environmentalScore": 6.5, "environmentalSeverity": "MEDIUM", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-10-06T07:03:15.540Z"}, "references": [{"tags": ["x_SICK PSIRT Security Advisories"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["x_The canonical URL."], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"}], "source": {"advisory": "SCA-2025-0010", "discovery": "INTERNAL"}, "title": "Improper Restriction of Excessive Authentication Attempts", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.</p>"}], "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices."}], "x_generator": {"engine": "csaf2cve 0.2.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T18:20:43.552495Z", "id": "CVE-2025-58587", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T18:21:04.170Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58587", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T18:20:43.552495Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T18:20:55.390Z"}}], "cna": {"title": "Improper Restriction of Excessive Authentication Attempts", "source": {"advisory": "SCA-2025-0010", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "temporalScore": 6.5, "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "temporalSeverity": "MEDIUM", "availabilityImpact": "LOW", "environmentalScore": 6.5, "privilegesRequired": "NONE", "confidentialityImpact": "NONE", "environmentalSeverity": "MEDIUM"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "Baggage Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Tire Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Package Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Logistic Diagnostic Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Enterprise Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json", "tags": ["x_The canonical URL."]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.", "supportingMedia": [{"type": "text/html", "value": "<p>Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.</p>", "base64": false}]}], "x_generator": {"engine": "csaf2cve 0.2.1"}, "descriptions": [{"lang": "en", "value": "The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.", "supportingMedia": [{"type": "text/html", "value": "<p>The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-10-06T07:03:15.540Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58587", "state": "PUBLISHED", "dateUpdated": "2025-10-06T18:21:04.170Z", "dateReserved": "2025-09-03T08:58:53.142Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2025-10-06T07:03:15.540Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "E62416BA-1BF1-43BD-98B2-57BD34128419", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:enterprise_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "04E8EA78-2780-40C0-B5BA-6CF99DE6355B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "27031959-2981-4755-9E3D-02CD083F2B72", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5955214B-0D71-449A-BFD4-8804FDF91CA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "86C0BA69-E701-45A3-ADA5-130B8AD9DF15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials."}], "id": "CVE-2025-58587", "lastModified": "2026-01-27T19:46:29.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@sick.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-10-06T07:15:35.560", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "tags": ["Not Applicable"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"}, {"source": "psirt@sick.de", "tags": ["Product"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}

{}