CVE-2025-58580

EUVD-2025-32200
An API  endpoint  allows  arbitrary  log  entries  to  be  created  via  POST request.  Without sufficient  validation  of the  input data, an attacker  can create manipulated log entries and thus falsify or dilute logs, for example.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
SICK AGCNA
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
sickenterprise_analytics
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sick.com/psirt
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.first.org/cvss/calculator/3.1
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.json
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0010.pdf
https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf