CVE-2020-25168
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Severity Score
3.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module.
Unas credenciales embebidas en B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el módulo de Datos compactplus Versiones A10 y A11, permiten a atacantes con acceso a la línea de comandos acceder al módulo Wi-Fi del dispositivo
*Credits:
Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-09-04 CVE Reserved
- 2022-04-14 CVE Published
- 2023-11-05 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html | Broken Link | |
| https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a10 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a10" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | a11 Search vendor "Bbraun" for product "Datamodule Compactplus" and version "a11" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Datamodule Compactplus Search vendor "Bbraun" for product "Datamodule Compactplus" | - | - |
Safe
|
| Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | <= l81 Search vendor "Bbraun" for product "Spacecom" and version " <= l81" | - |
Affected
| in | Bbraun Search vendor "Bbraun" | Spacecom Search vendor "Bbraun" for product "Spacecom" | - | - |
Safe
|