Brightpick Mission Control / Internal Logic Control Missing Authentication for...

6.5 / 10

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

The Brightpick Internal Logic Control web interface is accessible
without requiring user authentication. An unauthorized user could
exploit this interface to manipulate robot control functions, including
initiating or halting runners, assigning jobs, clearing stations, and
deploying storage totes.

Basic Information

ID CVE-2025-64307

Source icscert

Published Nov 14, 2025 at 23:34

Affected Product

Vendor Brightpick AI

Product Brightpick Mission Control / Internal Logic Control

Version All versions

Affected Versions Brightpick AI Brightpick Mission Control / Internal Logic Control All versions

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "The Brightpick Internal Logic Control web interface is accessible \nwithout requiring user authentication. An unauthorized user could \nexploit this interface to manipulate robot control functions, including \ninitiating or halting runners, assigning jobs, clearing stations, and \ndeploying storage totes.",
    "published": "2025-11-14T23:34:59.659Z",
    "modified": "2025-11-14T23:34:59.659Z",
    "type": "cve",
    "title": "Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function",
    "source": "icscert",
    "references": "https://brightpick.ai/contact-us/\nhttps://www.cisa.gov/news-events/ics-advisories/icsa-25-317-04\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-317-04.json",
    "id": "CVE-2025-64307",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "Brightpick AI Brightpick Mission Control / Internal Logic Control All versions",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Brightpick Mission Control / Internal Logic Control",
    "version": "All versions",
    "vendor": "Brightpick AI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function_CVE-2025-64307