Multiple vulnerabilities in B. Braun Battery Pack SP with Wi-Fi and SpaceStation with SpaceCom 2 within the United States and Canada



Published: 2021-10-25
Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2021-33886
CVE-2021-33885
CVE-2021-33882
CVE-2021-33883
CVE-2021-33884
CWE-ID CWE-20
CWE-345
CWE-306
CWE-319
CWE-434
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
SpaceStation with SpaceCom 2
Hardware solutions / Medical equipment

Battery pack SP with Wi-Fi
Hardware solutions / Medical equipment

Vendor B. Braun Melsungen AG

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU56076

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33886

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can gain user level command line access through passing a raw external string straight through to printf statements.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SpaceStation with SpaceCom 2: 012U000061

Battery pack SP with Wi-Fi: 028U000061

External links

http://ics-cert.us-cert.gov/advisories/icsma-21-294-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Insufficient verification of data authenticity

EUVDB-ID: #VU56077

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33885

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromsie the target system.

The vulnerability exists due to insufficient verification of data authenticity. A remote attacker can send specially crafted data to the device, leading to execution through lack of cryptographic signatures on critical data sets.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SpaceStation with SpaceCom 2: 012U000061

Battery pack SP with Wi-Fi: 028U000061

External links

http://ics-cert.us-cert.gov/advisories/icsma-21-294-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Missing Authentication for Critical Function

EUVDB-ID: #VU56078

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33882

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to lack of authentication on proprietary networking commands. A remote attacker can reconfigure the device from an unknown source.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SpaceStation with SpaceCom 2: 012U000061

Battery pack SP with Wi-Fi: 028U000061

External links

http://ics-cert.us-cert.gov/advisories/icsma-21-294-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Cleartext transmission of sensitive information

EUVDB-ID: #VU56079

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33883

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker can obtain sensitive information by snooping the network traffic

Mitigation

Install update from vendor's website.

Vulnerable software versions

SpaceStation with SpaceCom 2: 012U000061

Battery pack SP with Wi-Fi: 028U000061

External links

http://ics-cert.us-cert.gov/advisories/icsma-21-294-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Arbitrary file upload

EUVDB-ID: #VU56080

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33884

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload any files to the /tmp directory of the device through the webpage API.

Mitigation

Install update from vendor's website.

Vulnerable software versions

SpaceStation with SpaceCom 2: 012U000061

Battery pack SP with Wi-Fi: 028U000061

External links

http://ics-cert.us-cert.gov/advisories/icsma-21-294-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###