CVE-2020-25162
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| B. Braun Melsungen AG | SpaceCom | unspecified <= U61 | affected |
| B. Braun Melsungen AG | SpaceCom | unspecified <= L81 | affected |
| B. Braun Melsungen AG | Battery pack with Wi-Fi | unspecified <= U61 | affected |
| B. Braun Melsungen AG | Battery pack with Wi-Fi | unspecified <= L81 | affected |
| B. Braun Melsungen AG | Data module compactplus | A10 | affected |
| B. Braun Melsungen AG | Data module compactplus | A11 | affected |
Weaknesses
- CWE-643: CWE-643: XPath Injection
Workarounds
As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:
Ensure the devices are not accessible directly from the Internet.
Use a firewall and isolate the medical devices from the business network.
Please contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
- https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
- https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.