CVE-2017-6018

 

Severity Score: 6.1 (CVSS v3)


Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.

*Credits: N/A
CVSS Scores
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Attack Vector: Network
Attack Complexity: Medium
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-02-16 CVE Reserved
  • 2017-06-30 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (1)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
Bbraun | Station Firmware | -- | Affected
in
Bbraun | Spacestation | -- | Safe