Bizerba Communication Server Unquoted Service Path Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Bizerba Communication Server (BCS) versions prior to 5.02 register their Windows service with an unquoted service path. Because of this misconfiguration, Windows searches for the executable improperly and may execute a malicious program instead of the intended one. Such a program would run with system privileges.

Impact

Exploitation of this vulnerability could result in arbitrary code execution with system privileges.

Remediation

Users are advised to update to Bizerba Communication Server version 5.02 or later. For those using an earlier version, the service path can be enclosed in quotes within the Windows Registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BCS\ImagePath.
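
One way to check and apply the registry workaround above, as an added example that is not Bizerba's code or part of the original advisory. The function names are hypothetical, the sample paths are constructed, and splitting the executable from its arguments at the first `.exe` is a heuristic assumption.

```powershell
# Added example. Returns the quoted form of an ImagePath, or $null when no change is needed.
function Get-QuotedImagePath {
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if (-not $p -or $p.StartsWith('"')) { return $null }   # empty or already quoted
    # Heuristic: the executable ends at the first ".exe" followed by whitespace
    # or end of string. Values without ".exe" (e.g. driver .sys paths) are skipped.
    if ($p -notmatch '^(?<exe>.+?\.exe)(?<rest>\s.*)?$') { return $null }
    $exe  = $Matches['exe']
    $rest = [string]$Matches['rest']                       # empty when no arguments
    if ($exe.IndexOf(' ') -lt 0) { return $null }          # no space, no ambiguity
    return '"' + $exe + '"' + $rest
}

# Reports the service's ImagePath; with -Fix (elevated session) writes the quoted value.
function Repair-ServiceImagePath {
    param([string]$ServiceName = 'BCS', [switch]$Fix)      # 'BCS' is the key named in the advisory
    $sub = "SYSTEM\CurrentControlSet\Services\$ServiceName"
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($sub, $Fix.IsPresent)
    if (-not $key) { Write-Warning "Service key not found: HKLM\$sub"; return }
    try {
        # Read the raw string so %VARIABLES% in a REG_EXPAND_SZ value are preserved.
        $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
        $raw = [string]$key.GetValue('ImagePath', '', $opt)
        if (-not $raw) { Write-Warning "No ImagePath value under HKLM\$sub"; return }
        $new = Get-QuotedImagePath -ImagePath $raw
        if (-not $new) { Write-Output "OK, no change needed: $raw"; return }
        Write-Warning "Unquoted ImagePath containing spaces: $raw"
        Write-Output  "Quoted value: $new"
        if ($Fix) {
            # Keep the existing value type (REG_SZ or REG_EXPAND_SZ).
            $key.SetValue('ImagePath', $new, $key.GetValueKind('ImagePath'))
            Write-Output "ImagePath updated."
        }
    } finally { $key.Close() }
}

# Constructed sample values (not taken from a BCS installation):
'C:\Program Files\Example Vendor\svc.exe -run',
'"C:\Program Files\Example Vendor\svc.exe" -run',
'C:\Example\svc.exe' | ForEach-Object {
    '{0}  =>  {1}' -f $_, (Get-QuotedImagePath -ImagePath $_)
}

Repair-ServiceImagePath -ServiceName 'BCS'                 # read-only unless -Fix is given
```

Only the first constructed sample produces a quoted value; the other two are already quoted or contain no space.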

Added: Oct 31, 2025, 4:24 PM
Updated: Oct 31, 2025, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.