CVE-2025-58586
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.
| Software | From | Fixed in |
|---|---|---|
| sick / baggage_analytics | - | - |
| sick / enterprise_analytics | - | - |
| sick / logistic_diagnostic_analytics | - | - |
| sick / package_analytics | - | - |
| sick / tire_analytics | - | - |
- https://sick.com/psirt
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf
- https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime