Multiple vulnerabilities in B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compact plus
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 11 |
| CVE-ID | CVE-2020-25158 CVE-2020-25154 CVE-2020-25162 CVE-2020-25152 CVE-2020-25164 CVE-2020-25150 CVE-2020-25166 CVE-2020-16238 CVE-2020-25168 CVE-2020-25156 CVE-2020-25160 |
| CWE-ID | CWE-79 CWE-601 CWE-643 CWE-384 CWE-759 CWE-22 CWE-347 CWE-269 CWE-798 CWE-489 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SpaceCom Hardware solutions / Other hardware appliances Data module compact plus Hardware solutions / Other hardware appliances Battery pack with Wi-Fi Other software / Other software solutions |
| Vendor | B. Braun Melsungen AG |
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU47905
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25158
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Open redirect
EUVDB-ID: #VU47906
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25154
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data in the administrative interface. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) XPath Injection
EUVDB-ID: #VU47907
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25162
CWE-ID:
CWE-643 - Improper Neutralization of Data within XPath Expressions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to improper input validation. A remote attacker can access sensitive information and escalate privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Session Fixation
EUVDB-ID: #VU47908
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25152
CWE-ID:
CWE-384 - Session Fixation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the session invalidation issue. A remote attacker can hijack web sessions and escalate privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use of a One-Way Hash without a Salt
EUVDB-ID: #VU47909
Risk: Low
CVSSv3.1: 4.5 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25164
CWE-ID:
CWE-759 - Use of a One-Way Hash without a Salt
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to sensitive information on the system.
The vulnerability exists due to salt is not used for hash calculation of passwords, making it possible to decrypt passwords. A local attacker can recover user credentials of the administrative interface.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Path traversal
EUVDB-ID: #VU47912
Risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25150
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and upload arbitrary files.
MitigationInstall update from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU47915
Risk: Low
CVSSv3.1: 4.3 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25166
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to an improper verification of the cryptographic signature of firmware updates. An attacker with physical access can generate valid firmware updates with arbitrary content that can be used to tamper with devices.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Privilege Management
EUVDB-ID: #VU47919
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16238
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in the configuration import mechanism. A local administrator can escalate privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use of hard-coded credentials
EUVDB-ID: #VU47920
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25168
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code. A local user can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Active Debug Code
EUVDB-ID: #VU47921
Risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25156
CWE-ID:
CWE-489 - Active Debug Code
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain full control over the device.
The vulnerability exists due an active debug code. A remote administrator can exploit the debug port and takeover the target device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Battery pack with Wi-Fi: L81 - U61
Data module compact plus: A10 - A11
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper access control
EUVDB-ID: #VU47922
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25160
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local attacker can bypass implemented security restrictions and extract and tamper with the devices network configuration.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSpaceCom: L81 - U61
Data module compact plus: A10 - A11
Battery pack with Wi-Fi: L81 - U61
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-20-296-02
http://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
