CVE-2020-25154
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites.
Una vulnerabilidad de redireccionamiento abierto en la interfaz administrativa del dispositivo B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes redirigir a usuarios a sitios web maliciosos
*Credits:
Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-09-04 CVE Reserved
- 2022-04-14 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html | Broken Link | |
| https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a10 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a10" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a11 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a11" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | <= l81 Search vendor "Bbraun" for product "Spacecom" and version " <= l81" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | - | - |
Safe
|