CVE-2025-58586 | THREATINT

Description

For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existing one.

PUBLISHED Reserved 2025-09-03 | Published 2025-10-06 | Updated 2025-10-06 | Assigner SICK AG

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-204 Observable Response Discrepancy

Product status

Default status

affected

all versions

affected

Default status

affected

all versions

affected

Default status

affected

all versions

affected

Default status

affected

all versions

affected

Default status

affected

all versions

affected

References

sick.com/psirt

www.sick.com/...lines_cybersecurity_by_sick_en_im0106719.pdf

www.cisa.gov/...es-tools/resources/ics-recommended-practices

www.first.org/cvss/calculator/3.1

www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json

www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf vendor-advisory

cve.org (CVE-2025-58586)

nvd.nist.gov (CVE-2025-58586)

Download JSON