SB2020102616 - Multiple vulnerabilities in B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compact plus
Published: October 26, 2020
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2020-25158)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Open redirect (CVE-ID: CVE-2020-25154)
The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data in the administrative interface. A remote attacker can create a link that appears to lead to a trusted website but, when clicked, redirects the victim to an arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
3) XPath Injection (CVE-ID: CVE-2020-25162)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to improper input validation. A remote attacker can access sensitive information and escalate privileges on the target system.
4) Session Fixation (CVE-ID: CVE-2020-25152)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the session invalidation issue. A remote attacker can hijack web sessions and escalate privileges.
5) Use of a One-Way Hash without a Salt (CVE-ID: CVE-2020-25164)
The vulnerability allows a local attacker to gain access to sensitive information on the system.
The vulnerability exists because no salt is used when hashing passwords, making it possible to recover passwords from their hashes. A local attacker can recover user credentials of the administrative interface.
6) Path traversal (CVE-ID: CVE-2020-25150)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and upload arbitrary files.
7) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-25166)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to an improper verification of the cryptographic signature of firmware updates. An attacker with physical access can generate valid firmware updates with arbitrary content that can be used to tamper with devices.
8) Improper Privilege Management (CVE-ID: CVE-2020-16238)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in the configuration import mechanism. A local administrator can escalate privileges.
9) Use of hard-coded credentials (CVE-ID: CVE-2020-25168)
The vulnerability allows a local user to gain full access to the vulnerable system.
The vulnerability exists due to the presence of hard-coded credentials in the application code. A local user can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
10) Active Debug Code (CVE-ID: CVE-2020-25156)
The vulnerability allows a remote user to gain full control over the device.
The vulnerability exists due to active debug code. A remote administrator can exploit the debug port and take over the target device.
11) Improper access control (CVE-ID: CVE-2020-25160)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A local attacker can bypass the implemented security restrictions and extract and tamper with the device's network configuration.
Remediation
Install the update from the vendor's website.