Main Vulnerability Database Vulnerabilities #VU47909

#VU47909 Use of a One-Way Hash without a Salt in B. Braun Melsungen AG products - CVE-2020-25164

Published: October 26, 2020 / Updated: October 26, 2020

Vulnerability identifier: #VU47909

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-25164

CWE-ID: CWE-759

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
SpaceCom
Data module compact plus
Battery pack with Wi-Fi

Software vendor:
B. Braun Melsungen AG

Description

The vulnerability allows a local attacker to gain access to sensitive information on the system.

The vulnerability exists due to salt is not used for hash calculation of passwords, making it possible to decrypt passwords. A local attacker can recover user credentials of the administrative interface.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsma-20-296-02
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/se...

#VU47909 Use of a One-Way Hash without a Salt in B. Braun Melsungen AG products - CVE-2020-25164

Description

Remediation

External links

Please verify you're human