CVE-2020-25168

Description

Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

B. Braun Melsungen AG / Battery pack with Wi-Fiunspecified – U61
B. Braun Melsungen AG / Battery pack with Wi-Fiunspecified – L81
B. Braun Melsungen AG / Data module compactplusA10 – A10
B. Braun Melsungen AG / Data module compactplusA11 – A11
B. Braun Melsungen AG / SpaceComunspecified – U61
B. Braun Melsungen AG / SpaceComunspecified – L81

References

VENDOR_ADVISORYhttps://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
MISChttps://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html