CVE-2020-25162
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges.
Una vulnerabilidad de inyección XPath en B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permite a atacantes remotos no autenticados acceder a información confidencial y escalar privilegios
*Credits:
Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-09-04 CVE Reserved
- 2022-04-14 CVE Published
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html | Broken Link | |
| https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a10 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a10" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a11 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a11" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | <= l81 Search vendor "Bbraun" for product "Spacecom" and version " <= l81" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | - | - |
Safe
|