{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9914", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2025-09-03T08:59:00.184Z", "datePublished": "2025-10-06T06:45:59.874Z", "dateUpdated": "2026-05-13T11:48:19.759Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2026-05-13T11:48:19.759Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "type": "CWE"}]}], "affected": [{"vendor": "SICK AG", "product": "Baggage Analytics", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.3", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Tire Analytics", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.3", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Package Analytics", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.3", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Logistic Diagnostic Analytics", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.3", "versionType": "custom"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.</p>"}]}], "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json", "tags": ["x_The canonical URL."]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "environmentalScore": 4.3, "environmentalSeverity": "MEDIUM", "temporalScore": 4.3, "temporalSeverity": "MEDIUM"}}], "solutions": [{"lang": "en", "value": "It is strongly recommended to update the product to version 4.6.3.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "It is strongly recommended to update the product to version 4.6.3."}]}], "source": {"advisory": "SCA-2025-0010", "discovery": "INTERNAL"}, "x_generator": {"engine": "csaf2cve 0.2.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T12:22:41.072841Z", "id": "CVE-2025-9914", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T12:22:47.631Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9914", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T12:22:41.072841Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T12:22:44.526Z"}}], "cna": {"source": {"advisory": "SCA-2025-0010", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "temporalScore": 4.3, "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "temporalSeverity": "MEDIUM", "availabilityImpact": "NONE", "environmentalScore": 4.3, "privilegesRequired": "LOW", "confidentialityImpact": "LOW", "environmentalSeverity": "MEDIUM"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "Baggage Analytics", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.3", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Tire Analytics", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.3", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Package Analytics", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.3", "versionType": "custom"}], "defaultStatus": "affected"}, {"vendor": "SICK AG", "product": "Logistic Diagnostic Analytics", "versions": [{"status": "affected", "version": "0", "lessThan": "4.6.3", "versionType": "custom"}], "defaultStatus": "affected"}], "solutions": [{"lang": "en", "value": "It is strongly recommended to update the product to version 4.6.3.", "supportingMedia": [{"type": "text/html", "value": "It is strongly recommended to update the product to version 4.6.3.", "base64": false}]}], "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json", "tags": ["x_The canonical URL."]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "csaf2cve 0.2.1"}, "descriptions": [{"lang": "en", "value": "The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2026-05-13T11:48:19.759Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9914", "state": "PUBLISHED", "dateUpdated": "2026-05-13T11:48:19.759Z", "dateReserved": "2025-09-03T08:59:00.184Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2025-10-06T06:45:59.874Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sick:baggage_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "E62416BA-1BF1-43BD-98B2-57BD34128419", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:logistic_diagnostic_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "27031959-2981-4755-9E3D-02CD083F2B72", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:package_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5955214B-0D71-449A-BFD4-8804FDF91CA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sick:tire_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "86C0BA69-E701-45A3-ADA5-130B8AD9DF15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access. This could potentially affect the confidentiality of the application."}], "id": "CVE-2025-9914", "lastModified": "2026-01-29T01:56:06.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@sick.de", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-10-06T07:15:36.363", "references": [{"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "tags": ["Not Applicable"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"}, {"source": "psirt@sick.de", "tags": ["Vendor Advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"}, {"source": "psirt@sick.de", "tags": ["Product"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "psirt@sick.de", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"created": "2025-10-08T13:39:02.933870+00:00", "updated": "2025-10-08T13:39:02.933896+00:00", "vendors": ["sick", "sick$PRODUCT$baggage_analytics", "sick$PRODUCT$logistic_diagnostic_analytics", "sick$PRODUCT$package_analytics", "sick$PRODUCT$tire_analytics"]}