21 matches found
CVE-2025-64308
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
CVE-2025-64307
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
CVE-2025-64307
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
CVE-2025-64308
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
Brightpick Internal Logic Control 访问控制错误漏洞
Brightpick Internal Logic Control is a suite of internal logic decision algorithm controllers from Brightpick USA. An access control error vulnerability exists in Brightpick Internal Logic Control that originates from unauthenticated access to the web interface and could lead to unauthorized robo...
Brightpick Mission Control 安全漏洞
Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that originates from the disclosure of device telemetry, configuration, and credential information to unauthenticated users via...
Brightpick Mission Control 安全漏洞
Brightpick Mission Control is a centralized control platform for mission management from Brightpick USA. A security vulnerability exists in Brightpick Mission Control that stems from the inclusion of hard-coded credentials in a client-side JavaScript package...
CVE-2025-64309 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
CVE-2025-64309 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
EUVD-2025-197664
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
CVE-2025-64309
Brightpick Mission Control is affected. Multiple sources (NVD, Red Hat, CVE lists, and security advisories) describe a vulnerability where an unauthenticated user can access a WebSocket URL and exfiltrate device telemetry, configuration data, and credentials. The unauthenticated URL can be discov...
CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
CVE-2025-64308
Brightpick Mission Control web application exposes hardcoded credentials in the client-side JavaScript bundle. The vulnerability can enable unauthorized access to credentials and could allow manipulation of robot control functions through an unauthenticated interface and via WebSocket traffic, pe...
CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
CVE-2025-64307 Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
EUVD-2025-197666
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
CVE-2025-64307 Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
PT-2025-47031
Name of the Vulnerable Software and Affected Versions Brightpick Mission Control affected versions not specified Description Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users connecting to a specific URL...
PT-2025-47030
Name of the Vulnerable Software and Affected Versions Brightpick Mission Control affected versions not specified Description The Brightpick Mission Control web application contains hardcoded credentials within its client-side JavaScript bundle. These credentials are directly embedded in the code,...
PT-2025-47029
Name of the Vulnerable Software and Affected Versions Brightpick versions affected versions not specified Description The Brightpick Internal Logic Control web interface is accessible without user authentication. This allows an unauthorized user to manipulate robot control functions. These...