{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-58580", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "state": "PUBLISHED", "assignerShortName": "SICK AG", "dateReserved": "2025-09-03T08:58:14.355Z", "datePublished": "2025-10-06T06:49:27.619Z", "dateUpdated": "2025-10-06T12:21:24.059Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Enterprise Analytics", "vendor": "SICK AG", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.</p>"}], "value": "An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "environmentalScore": 6.5, "environmentalSeverity": "MEDIUM", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "temporalScore": 6.5, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-10-06T07:09:38.369Z"}, "references": [{"tags": ["x_SICK PSIRT Security Advisories"], "url": "https://sick.com/psirt"}, {"tags": ["x_SICK Operating Guidelines"], "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}, {"tags": ["x_ICS-CERT recommended practices on Industrial Security"], "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"tags": ["x_CVSS v3.1 Calculator"], "url": "https://www.first.org/cvss/calculator/3.1"}, {"tags": ["x_The canonical URL."], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"}, {"tags": ["vendor-advisory"], "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"}], "source": {"advisory": "SCA-2025-0010", "discovery": "INTERNAL"}, "title": "Injection via log file", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.</p>"}], "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices."}], "x_generator": {"engine": "csaf2cve 0.2.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-06T12:21:17.972089Z", "id": "CVE-2025-58580", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T12:21:24.059Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58580", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-06T12:21:17.972089Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-06T12:21:20.878Z"}}], "cna": {"title": "Injection via log file", "source": {"advisory": "SCA-2025-0010", "discovery": "INTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "temporalScore": 6.5, "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "temporalSeverity": "MEDIUM", "availabilityImpact": "LOW", "environmentalScore": 6.5, "privilegesRequired": "NONE", "confidentialityImpact": "NONE", "environmentalSeverity": "MEDIUM"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SICK AG", "product": "Enterprise Analytics", "versions": [{"status": "affected", "version": "all versions", "versionType": "custom"}], "defaultStatus": "affected"}], "references": [{"url": "https://sick.com/psirt", "tags": ["x_SICK PSIRT Security Advisories"]}, {"url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf", "tags": ["x_SICK Operating Guidelines"]}, {"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", "tags": ["x_ICS-CERT recommended practices on Industrial Security"]}, {"url": "https://www.first.org/cvss/calculator/3.1", "tags": ["x_CVSS v3.1 Calculator"]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json", "tags": ["x_The canonical URL."]}, {"url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.", "supportingMedia": [{"type": "text/html", "value": "<p>Please make sure that only trusted entities have access to the device. Furthermore, you should apply the following General Security Measures when operating the product to mitigate the associated security risk. The collected resources \u201dSICK Operating Guidelines\u201d and \u201dICS-CERT recommended practices on Industrial Security\u201d could help to implement the general security practices.</p>", "base64": false}]}], "x_generator": {"engine": "csaf2cve 0.2.1"}, "descriptions": [{"lang": "en", "value": "An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.", "supportingMedia": [{"type": "text/html", "value": "<p>An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-117", "description": "CWE-117 Improper Output Neutralization for Logs"}]}], "providerMetadata": {"orgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "shortName": "SICK AG", "dateUpdated": "2025-10-06T07:09:38.369Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58580", "state": "PUBLISHED", "dateUpdated": "2025-10-06T12:21:24.059Z", "dateReserved": "2025-09-03T08:58:14.355Z", "assignerOrgId": "a6863dd2-93fc-443d-bef1-79f0b5020988", "datePublished": "2025-10-06T06:49:27.619Z", "assignerShortName": "SICK AG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and thus falsify or dilute logs, for example."}], "id": "CVE-2025-58580", "lastModified": "2025-10-06T14:56:21.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "psirt@sick.de", "type": "Secondary"}]}, "published": "2025-10-06T07:15:34.400", "references": [{"source": "psirt@sick.de", "url": "https://sick.com/psirt"}, {"source": "psirt@sick.de", "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"}, {"source": "psirt@sick.de", "url": "https://www.first.org/cvss/calculator/3.1"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf"}, {"source": "psirt@sick.de", "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"}], "sourceIdentifier": "psirt@sick.de", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-117"}], "source": "psirt@sick.de", "type": "Secondary"}]}

{}

{"created": "2025-10-06T14:39:54.604140+00:00", "updated": "2025-10-06T14:39:54.604195+00:00", "vendors": ["sick", "sick$PRODUCT$enterprise_analytics"]}