Improper Restriction of Excessive Authentication Attempts_CVE-2025-58587

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Description

The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.

Basic Information

ID CVE-2025-58587

Source SICK AG

Published Oct 6, 2025 at 07:03

Affected Product

Vendor SICK AG

Product Baggage Analytics

Version all versions

Affected Versions SICK AG Baggage Analytics all versions
SICK AG Tire Analytics all versions
SICK AG Package Analytics all versions
SICK AG Logistic Diagnostic Analytics all versions
SICK AG Enterprise Analytics all versions

CWE Classification

CWE-307

References

{
    "lastseen": "",
    "description": "The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.",
    "published": "2025-10-06T07:03:15.540Z",
    "modified": "2025-10-06T07:03:15.540Z",
    "type": "cve",
    "title": "Improper Restriction of Excessive Authentication Attempts",
    "source": "SICK AG",
    "references": "https://sick.com/psirt\nhttps://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf\nhttps://www.cisa.gov/resources-tools/resources/ics-recommended-practices\nhttps://www.first.org/cvss/calculator/3.1\nhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json\nhttps://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf",
    "id": "CVE-2025-58587",
    "bulletinFamily": "",
    "cwe": [
        "CWE-307"
    ],
    "cvelist": null,
    "sourceData": "SICK AG Baggage Analytics all versions\nSICK AG Tire Analytics all versions\nSICK AG Package Analytics all versions\nSICK AG Logistic Diagnostic Analytics all versions\nSICK AG Enterprise Analytics all versions",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Baggage Analytics",
    "version": "all versions",
    "vendor": "SICK AG",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}