{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-58591", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2025-09-03T08:58:53.142Z", "datePublished": "2025-10-06T07:07:30.103Z", "dateUpdated": "2025-10-06T17:37:34.792Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Baggage Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Tire Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Package Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}, {"defaultStatus": "affected", "product": "Logistic Diagnostic Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.</p>"}], "value": "A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "environmentalScore": 6.5, "environmentalSeverity": "MEDIUM", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-10-06T07:07:30.103Z"}, "references": [{"tags": ["x_SICK PSIRT Security Advisories"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["x_The canonical URL."], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"}], "source": {"advisory": "SCA-2025-0010", "discovery": "INTERNAL"}, "title": "Path Traversal", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.</p>"}], "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices."}], "x_generator": {"engine": "csaf2cve 0.2.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T17:37:24.282184Z", "id": "CVE-2025-58591", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T17:37:34.792Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58591", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T17:37:24.282184Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T17:37:30.209Z"}}], "cna": {"title": "Path Traversal", "source": {"advisory": "SCA-2025-0010", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "temporalScore": 6.5, "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 6.5, "privilegesRequired": "LOW", "confidentialityImpact": "HIGH", "environmentalSeverity": "MEDIUM"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "Baggage Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Tire Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Package Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Logistic Diagnostic Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json", "tags": ["x_The canonical URL."]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.", "supportingMedia": [{"type": "text/html", "value": "<p>Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.</p>", "base64": false}]}], "x_generator": {"engine": "csaf2cve 0.2.1"}, "descriptions": [{"lang": "en", "value": "A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.", "supportingMedia": [{"type": "text/html", "value": "<p>A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-10-06T07:07:30.103Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58591", "state": "PUBLISHED", "dateUpdated": "2025-10-06T17:37:34.792Z", "dateReserved": "2025-09-03T08:58:53.142Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2025-10-06T07:07:30.103Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "E62416BA-1BF1-43BD-98B2-57BD34128419", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "27031959-2981-4755-9E3D-02CD083F2B72", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5955214B-0D71-449A-BFD4-8804FDF91CA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "86C0BA69-E701-45A3-ADA5-130B8AD9DF15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information."}], "id": "CVE-2025-58591", "lastModified": "2026-01-27T19:41:38.117", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "psirt@sick.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-10-06T07:15:36.043", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "tags": ["Not Applicable"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"}, {"source": "psirt@sick.de", "tags": ["Product"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}

{}