CVE-2023-0888 – Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi
https://notcve.org/view.php?id=CVE-2023-0888
13 Mar 2023 — An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B. Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication modul... • https://www.bbraun.com/productsecurity • CWE-94: Improper Control of Generation of Code ('Code Injection') • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')