IronMonkey Threat Research

Brightpick Mission Control / Internal Logic Control (Update A)

HIGH
CVSS 7.4
Date 2026-06-23T06:00:00+00:00
Source cisa-csaf
Published by CISA

// Description

Successful exploitation of these vulnerabilities could result in the exposure of sensitive information and the manipulation of critical functions by an attacker.

// Vulnerabilities (3)

CVE-2025-64307 (CVSS 6.5, medium): The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.

CVE-2025-64308 (CVSS 6.5, medium): The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle to Brightpick AI's documentation portal.

CVE-2025-64309 (CVSS 7.4, high): The affected product discloses device telemetry, configuration, and sensitive information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.

// Remediations (3)

Mitigation: Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.
Mitigation: Users of the affected products are encouraged to contact Brightpick AI https://brightpick.ai/contact-us/ for additional information.
Patch: Brightpick AI has updated their backend in Mission Control to release 1.67.0 to mitigate these vulnerabilities as of February 04, 2026. Users running Mission Control 1.67.0 or later are mitigated.

// References