CVE-2020-16238
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user.
Una vulnerabilidad en el mecanismo de importación de configuraciones del B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes con acceso a la línea de comandos del sistema Linux subyacente escalar privilegios al usuario root
*Credits:
Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-07-31 CVE Reserved
- 2022-04-14 CVE Published
- 2023-11-05 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html | Broken Link | |
| https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a10 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a10" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a11 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a11" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | <= l81 Search vendor "Bbraun" for product "Spacecom" and version " <= l81" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | - | - |
Safe
|