CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25164 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25164
14 Apr 2022 — A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface. Una vulnerabilidad en B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes recuperar las credenciales de usuario de la interfaz administrativa • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-759: Use of a One-Way Hash without a Salt •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25168 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25168
14 Apr 2022 — Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. Unas credenciales embebidas en B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permiten a atacantes con acceso a la línea de comandos acceder al módulo Wi-Fi del dispositivo • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25166 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25166
14 Apr 2022 — An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. Una verificación incorrecta de la firma criptográfica de las actualizaciones de firmware del B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y del módulo de Datos compactplus Versiones ... • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25154 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25154
14 Apr 2022 — An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. Una vulnerabilidad de redireccionamiento abierto en la interfaz administrativa del dispositivo B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes redirigir a usuarios a sitios we... • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25162 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25162
14 Apr 2022 — A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. Una vulnerabilidad de inyección XPath en B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes remotos no autenticados acceder a información confidencial y escalar privilegios • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection') •
CVSS: 7.6EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25158 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25158
14 Apr 2022 — A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. Una vulnerabilidad de tipo cross-site scripting (XSS) reflejada en B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes remotos inyectar script web o HTML arbitrario en... • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25160 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25160
14 Apr 2022 — Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration. Los controles de acceso inapropiados en B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes extraer y manipular la configuración de red de los dispositivos • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25152 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25152
14 Apr 2022 — A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. Una vulnerabilidad de fijación de sesión en la interfaz administrativa de B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes remotos secuestrar sesiones web y escalar privilegi... • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-384: Session Fixation •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25156 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-25156
14 Apr 2022 — Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. Un código de depuración activo en B. Braun Melsungen AG SpaceCom Versión L8/U61, y el módulo de Datos compactplus Versiones A10 y A11 y anteriores, permite a atacantes en posesión de material criptográfico acceder al dispositivo como root • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-489: Active Debug Code •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2020-16238 – B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
https://notcve.org/view.php?id=CVE-2020-16238
14 Apr 2022 — A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. Una vulnerabilidad en el mecanismo de importación de configuraciones del B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes con acceso a l... • https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html • CWE-269: Improper Privilege Management •